Candidate: CVE-2010-2790
PublicDate: 2010-08-05 13:23:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2790
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery
 function in frontends/php/include/classes/class.curl.php in Zabbix before
 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via
 the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select
 parameters to the triggers page (tr_status.php).  NOTE: some of these
 details are obtained from third party information.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_zabbix:
upstream_zabbix: released (1.8.3)
dapper_zabbix: DNE
hardy_zabbix: ignored (reached end-of-life)
jaunty_zabbix: ignored (reached end-of-life)
karmic_zabbix: ignored (reached end-of-life)
lucid_zabbix: ignored (reached end-of-life)
maverick_zabbix: ignored (reached end-of-life)
natty_zabbix: not-affected (1:1.8.3-2ubuntu1)
oneiric_zabbix: not-affected (1:1.8.3-2ubuntu1)
precise_zabbix: not-affected (1:1.8.3-2ubuntu1)
quantal_zabbix: not-affected (1:1.8.3-2ubuntu1)
raring_zabbix: not-affected (1:1.8.3-2ubuntu1)
saucy_zabbix: not-affected (1:1.8.3-2ubuntu1)
devel_zabbix: not-affected (1:1.8.3-2ubuntu1)