Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash.…

Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim’s browser. The script can be activated through Action…

URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL…

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim’s browser. The script…

Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application…

Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution textâ€� when selected “Otherâ€� Tile provider. Zafiyet ile ilgili…

Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy.…

JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user “zabbix”) on the Zabbix…

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative…