CVE-2011-2904

Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix before 1.8.6 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.1:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.1:beta10:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.1:beta11:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.1:beta12:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.1:beta2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.1:beta3:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.1:beta4:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.1:beta5:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.1:beta6:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.1:beta7:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.1:beta8:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.1:beta9:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.1.4:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.1.6:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.3:beta:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.3.1:beta:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.3.2:beta:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.3.3:beta:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.3.4:beta:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.3.5:beta:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.3.6:beta:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.3.7:beta:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.3.8:beta:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.4.6:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.5:beta:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.5.1:beta:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.5.2:beta:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.5.3:beta:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.5.4:beta:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.6:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.6.9:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.7:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.8:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.8.3:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.8.3:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.8.3:rc3:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.8.4:rc1:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.8.4:rc2:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.8.4:rc3:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.8.4:rc4:*:*:*:*:*:*
cpe:2.3:a:zabbix:zabbix:1.8.5:rc1:*:*:*:*:*:*

History

No history.

Information

Published : 2011-08-19 21:55

Updated : 2024-02-28 11:41


NVD link : CVE-2011-2904

Mitre link : CVE-2011-2904

CVE.ORG link : CVE-2011-2904


JSON object : View

Products Affected

zabbix

  • zabbix
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')