Candidate: CVE-2020-15803
PublicDate: 2020-07-17 03:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15803
 https://support.zabbix.com/browse/ZBX-18057
Description:
 Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before
 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
Ubuntu-Description:
 It was discovered that Zabbix did not properly validate input. A remote
 attacker could exploit this to conduct cross-site scripting (XSS) attacks.
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N [6.1 MEDIUM]

Patches_zabbix:
upstream_zabbix: needs-triage
precise/esm_zabbix: DNE
trusty_zabbix: ignored (out of standard support)
trusty/esm_zabbix: not-affected (code not present)
xenial_zabbix: ignored (end of standard support, was needed)
bionic_zabbix: needed
focal_zabbix: needed
groovy_zabbix: not-affected (1:5.0.2+dfsg-1)
hirsute_zabbix: not-affected (1:5.0.2+dfsg-1)
impish_zabbix: not-affected (1:5.0.2+dfsg-1)
jammy_zabbix: not-affected (1:5.0.2+dfsg-1)
devel_zabbix: not-affected (1:5.0.2+dfsg-1)