CVE-2010-2790
EPSS 0.44%
描述
Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select parameters to the triggers page (tr_status.php). NOTE: some of these details are obtained from third party information.
如何修補 CVE-2010-2790
要修補 CVE-2010-2790,請將受影響套件升級到下列已修補版本。
- Debian/zabbix—升級至 1:1.8.3-1 或更新版本
CVE-2010-2790 正在被利用嗎?
低 — EPSS 為 0.4%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- from 0, < 1:1.8.3-1