CVE-2022-35229 LOW

CVE-2022-35229: Reflected XSS in discovery page of Zabbix Frontend

Vendor Zabbix

Product Frontend

Weakness CWE-79 · XSS

Published July 6, 2022

Last update November 3, 2025

View on NVD All CVEs

CVSS base score

3.7/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.

Key dates

02Disclosure timeline

July 6, 2022 CVE published

November 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-35229 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2022-35229

CWE CWE-79

CVSS 3.7 / LOW

Affected versions

Vendor Zabbix

Product Frontend

Affected 4.0.0-4.0.42

Vendor Zabbix

Product Frontend

Affected 5.0.0-5.0.24

Vendor Zabbix

Product Frontend

Affected 6.0.0-6.0.4

Vendor Zabbix

Product Frontend

Affected 6.2alpha1-6.2beta3

CVE-2022-35229: Reflected XSS in discovery page of Zabbix Frontend

01Description

02Disclosure timeline

03References

04Related CVE