CVE-2023-32721

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-32721
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-32721.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-32721
Downstream
Published
2023-10-12T07:15:09.677Z
Modified
2026-04-11T12:45:16.018342Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL.

Database specific 
{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "introduced": "4.0.0"
                },
                {
                    "last_affected": "4.0.47"
                },
                {
                    "introduced": "5.0.0"
                },
                {
                    "last_affected": "5.0.36"
                },
                {
                    "introduced": "6.4.0"
                },
                {
                    "last_affected": "6.4.5"
                }
            ],
            "cpe": "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*"
        }
    ]
}
References

Affected packages

Git / github.com/zabbix/zabbix

Affected ranges

Type
GIT
Repo
https://github.com/zabbix/zabbix
Events
Introduced
5203d2ea7d901cd33d148f20586e2155901a7faa
Last affected
b60e269feb4d3129744eed5162e72d509d348864
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
aef542ad8aef472874199012f9b2350db16dc7ee
Last affected
72e3519b849b54011cc7792669fbcc629eb502c9
Last affected
8880b5094a533ea929452b4aebf021914df01eb8
Database specific 
{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "6.0.0"
        },
        {
            "last_affected": "6.0.20"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0.0-alpha1"
        },
        {
            "last_affected": "7.0.0-alpha2"
        },
        {
            "last_affected": "7.0.0-alpha3"
        }
    ],
    "cpe": [
        "cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha1:*:*:*:*:*:*",
        "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha2:*:*:*:*:*:*",
        "cpe:2.3:a:zabbix:zabbix:7.0.0:alpha3:*:*:*:*:*:*"
    ]
}

Affected versions

6.*
6.0.0
6.0.1
6.0.10
6.0.10rc1
6.0.10rc2
6.0.11
6.0.11rc1
6.0.11rc2
6.0.12
6.0.12rc1
6.0.12rc2
6.0.13
6.0.13rc1
6.0.14
6.0.14rc1
6.0.14rc2
6.0.15
6.0.15rc1
6.0.15rc2
6.0.16
6.0.16rc1
6.0.17
6.0.17rc1
6.0.17rc2
6.0.18
6.0.18rc1
6.0.19
6.0.19rc1
6.0.1rc1
6.0.1rc2
6.0.1rc3
6.0.1rc4
6.0.2
6.0.20
6.0.20rc1
6.0.2rc1
6.0.3
6.0.3rc1
6.0.4
6.0.4rc1
6.0.5
6.0.5rc1
6.0.6
6.0.6rc1
6.0.7
6.0.7rc1
6.0.8
6.0.8rc1
6.0.8rc2
6.0.9
6.0.9rc1
6.0.9rc2
7.*
7.0.0alpha1
7.0.0alpha2
7.0.0alpha3

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-32721.json"