Bugzilla – Bug 1174253
VUL-0: CVE-2020-15803: zabbix: stored XSS in the URL Widget
Last modified: 2022-02-16 14:19:41 UTC
CVE-2020-15803

Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

References:
https://support.zabbix.com/browse/ZBX-18057
https://bugzilla.redhat.com/show_bug.cgi?id=1858258
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15803
SLE12-SP3, both LEAP 15.1 and 15.2, and Factory tracked as affected
Updated packages for openSUSE_Leap 15.1 and 15.2 and for Backports_SLE-15-SP1 Backports_SLE-15-SP2
(In reply to Boris Manojlovic from comment #3)
> Updated packages for
> openSUSE_Leap 15.1 and 15.2
> and for Backports_SLE-15-SP1 Backports_SLE-15-SP2

Sorry, but I had to decline the submission. We require boo# references for CVEs (and normal bugs) for submission. Could you re-submit with the boo# reference added to the changes file. Just mention boo#1174253 somewhere in the changes entry and that would be sufficient.
added reference to this bug report
This is an autogenerated message for OBS integration:
This bug (1174253) was mentioned in
https://build.opensuse.org/request/show/822230 15.1+15.2+Backports:SLE-15-SP1+Backports:SLE-15-SP2 / zabbix
SUSE-SU-2020:2251-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1174253
CVE References: CVE-2020-15803
JIRA References:
Sources used:
SUSE Linux Enterprise Server 12-SP5 (src): zabbix-4.0.12-4.7.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2020:1604-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1174253
CVE References: CVE-2020-11800,CVE-2020-15803
JIRA References:
Sources used:
openSUSE Leap 15.2 (src): zabbix-3.0.31-lp152.2.3.1
openSUSE Leap 15.1 (src): zabbix-3.0.31-lp151.2.6.1
openSUSE Backports SLE-15-SP2 (src): zabbix-3.0.31-bp152.2.3.1
openSUSE Backports SLE-15-SP1 (src): zabbix-3.0.31-bp151.4.6.1
Released.
openSUSE-SU-2022:0036-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 1144018,1174253,1181400,1183014,1194681
CVE References: CVE-2020-15803,CVE-2021-27927,CVE-2022-23134
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): zabbix-4.0.37-lp153.2.3.1