CVE-2010-2790

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2010-2790

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2010-2790.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2010-2790

Downstream

DEBIAN-CVE-2010-2790

Published

2010-08-05T13:23:09Z

Modified

2025-08-09T20:01:25Z

Summary

[none]

Details

Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filterset, (2) showdetails, (3) filterrst, or (4) txtselect parameters to the triggers page (tr_status.php). NOTE: some of these details are obtained from third party information.

References

http://secunia.com/advisories/40679
http://www.vupen.com/english/advisories/2010/1908
https://support.zabbix.com/browse/ZBX-2326
http://www.securityfocus.com/bid/42017
http://www.zabbix.com/forum/showthread.php?p=68770
https://exchange.xforce.ibmcloud.com/vulnerabilities/60772

CVE-2010-2790

Affected packages