Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy.…

Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution textâ€� when selected “Otherâ€� Tile provider. Zafiyet ile ilgili…

Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application…

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim’s browser. The script…

URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL…

Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim’s browser. The script can be activated through Action…

Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash.…

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative…

JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user “zabbix”) on the Zabbix…

Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line…