{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T17:55:50.740","vulnerabilities":[{"cve":{"id":"CVE-2022-23133","sourceIdentifier":"security@zabbix.com","published":"2022-01-13T16:15:08.170","lastModified":"2025-11-03T22:15:55.847","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users. When XSS is stored by an authenticated malicious actor and other users try to search for groups during new host creation, the XSS payload will fire and the actor can steal session cookies and perform session hijacking to impersonate users or take over their accounts."},{"lang":"es","value":"Un usuario autenticado puede crear un grupo de hosts desde la configuración con el payload de tipo XSS, que estará disponible para otros usuarios. Cuando un actor malicioso autenticado almacena XSS y otros usuarios intentan buscar grupos durante la creación de nuevos hosts, la carga útil de tipo XSS se dispara y el actor puede robar las cookies de sesión y llevar a cabo un secuestro de sesión para suplantar a los usuarios o hacerse con sus cuentas"}],"metrics":{"cvssMetricV31":[{"source":"security@zabbix.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security@zabbix.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndIncluding":"5.0.18","matchCriteriaId":"E5754717-C846-47CA-81C2-D2BA46BED5AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*","versionStartIncluding":"5.4.0","versionEndIncluding":"5.4.8","matchCriteriaId":"19429F9A-8623-4BA9-984B-4982418C21CD"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:6.0.0:alpha1:*:*:*:*:*:*","matchCriteriaId":"0DC67B03-AF43-45C9-8EAC-D60DA5887712"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","matchCriteriaId":"A930E247-0B43-43CB-98FF-6CE7B8189835"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","matchCriteriaId":"80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}]}]}],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/","source":"security@zabbix.com"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB6W556GVXOKUYTASTDGL3AI7S3SJHX7/","source":"security@zabbix.com"},{"url":"https://support.zabbix.com/browse/ZBX-20388","source":"security@zabbix.com","tags":["Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00000.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6SZYHXINBKCY42ITFSNCYE7KCSF33VRA/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VB6W556GVXOKUYTASTDGL3AI7S3SJHX7/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.zabbix.com/browse/ZBX-20388","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Vendor Advisory"]}]}}]}