CVE-2022-35230 Information

Description

An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim which is changed periodically and is difficult to predict.

Reference

https://support.zabbix.com/browse/ZBX-21305