Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: zabbix.web

Found 1 matching suggestions

View:
Compact
Detailed
Published
Permalink CVE-2026-23928
updated an hour ago by @LeSuisse Activity log
  • Created suggestion 11 hours ago
  • @LeSuisse ignored
    52 packages
    • zabbixctl
    • zabbix-cli
    • zabbix.agent
    • zabbix.agent2
    • zabbix.server
    • zabbix60.agent
    • zabbix70.agent
    • zabbix72.agent
    • zabbix74.agent
    • zabbix60.agent2
    • zabbix60.server
    • zabbix70.agent2
    • zabbix70.server
    • zabbix72.agent2
    • zabbix72.server
    • zabbix74.agent2
    • zabbix74.server
    • zabbix.proxy-mysql
    • zabbix.proxy-pgsql
    • zabbix.proxy-sqlite
    • zabbix.server-mysql
    • zabbix.server-pgsql
    • zabbix60.proxy-mysql
    • zabbix60.proxy-pgsql
    • zabbix70.proxy-mysql
    • zabbix70.proxy-pgsql
    • zabbix72.proxy-mysql
    • zabbix72.proxy-pgsql
    • zabbix74.proxy-mysql
    • zabbix74.proxy-pgsql
    • zabbix60.proxy-sqlite
    • zabbix60.server-mysql
    • zabbix60.server-pgsql
    • zabbix70.proxy-sqlite
    • zabbix70.server-mysql
    • zabbix70.server-pgsql
    • zabbix72.proxy-sqlite
    • zabbix72.server-mysql
    • zabbix72.server-pgsql
    • zabbix74.proxy-sqlite
    • zabbix74.server-mysql
    • zabbix74.server-pgsql
    • python312Packages.pyzabbix
    • python313Packages.pyzabbix
    • python314Packages.pyzabbix
    • python312Packages.py-zabbix
    • python313Packages.py-zabbix
    • python314Packages.py-zabbix
    • python312Packages.zabbix-utils
    • python313Packages.zabbix-utils
    • python314Packages.zabbix-utils
    • zabbix-agent2-plugin-postgresql
    an hour ago
  • @LeSuisse accepted an hour ago
  • @LeSuisse published on GitHub an hour ago
Stored XSS vulnerability in the Item history/Plain text widget

The Item history widget (in Zabbix 7.0+) or the Plain text widget (in Zabbix 6.0) can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would have to come from a monitored host controlled by the attacker. Note: the Item history widget is a replacement for the Plain text widget since Zabbix 7.0.

Affected products

Zabbix
  • =<7.0.23
  • =<7.4.7
  • =<6.0.44

Matching in nixpkgs

pkgs.zabbix.web

Enterprise-class open source distributed monitoring solution (web frontend)

pkgs.zabbix60.web

Enterprise-class open source distributed monitoring solution (web frontend)

pkgs.zabbix70.web

Enterprise-class open source distributed monitoring solution (web frontend)

pkgs.zabbix72.web

Enterprise-class open source distributed monitoring solution (web frontend)

pkgs.zabbix74.web

Enterprise-class open source distributed monitoring solution (web frontend)

Ignored packages (52)

pkgs.zabbix.agent

Enterprise-class open source distributed monitoring solution (client-side agent)

pkgs.zabbix72.agent

Enterprise-class open source distributed monitoring solution (client-side agent)

pkgs.zabbix74.agent

Enterprise-class open source distributed monitoring solution (client-side agent)

pkgs.zabbix74.proxy-mysql

Enterprise-class open source distributed monitoring solution (client-server proxy)

pkgs.zabbix74.proxy-pgsql

Enterprise-class open source distributed monitoring solution (client-server proxy)

Package maintainers