CVE-2011-5027 [Medium] | XSS in Zabbix

CVE-2011-5027 is rated Low Risk (38.1/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 0.44%). Monitor for updates and reassess as exploit intelligence or EPSS changes.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-03-30	0.64%	0.44%	-0.20%
2	2025-03-29	0.44%	0.64%	+0.20%
3	2025-03-17	—	0.44%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-03-30

0.64%

0.44%

-0.20%

2025-03-29

0.44%

0.64%

+0.20%

2025-03-17

—

0.44%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
4.3	2.0	MEDIUM	`AV:N/AC:M/Au:N/C:N/I:P/A:N` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:N) No availability impact.	8.6	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

4.3

2.0

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:N): No availability impact.

8.6

2.9

[email protected]

OS Trackers for CVE-2011-5027

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2011-5027 not yet assigned priority: Debian including 1 source packages (zabbix), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2011-5027
`ubuntu`	medium	CVE-2011-5027 medium priority: Ubuntu including 1 source packages (zabbix), 10 status rows across 10 suites (hardy, lucid, maverick, natty, oneiric, precise, quantal, raring, saucy, upstream): ignored 5, not-affected 4, released 1.	https://ubuntu.com/security/CVE-2011-5027

Affected software / configurations for CVE-2011-5027

Vendor	Product	Version	Raw CPE
zabbix	zabbix	<= 1.8.10	cpe:2.3:a:zabbix:zabbix::rc2::::::*
zabbix	zabbix	1.1	cpe:2.3:a:zabbix:zabbix:1.1:::::::*
zabbix	zabbix	1.1	cpe:2.3:a:zabbix:zabbix:1.1:beta10::::::
zabbix	zabbix	1.1	cpe:2.3:a:zabbix:zabbix:1.1:beta11::::::
zabbix	zabbix	1.1	cpe:2.3:a:zabbix:zabbix:1.1:beta12::::::
zabbix	zabbix	1.1	cpe:2.3:a:zabbix:zabbix:1.1:beta2::::::
zabbix	zabbix	1.1	cpe:2.3:a:zabbix:zabbix:1.1:beta3::::::
zabbix	zabbix	1.1	cpe:2.3:a:zabbix:zabbix:1.1:beta4::::::
zabbix	zabbix	1.1	cpe:2.3:a:zabbix:zabbix:1.1:beta5::::::
zabbix	zabbix	1.1	cpe:2.3:a:zabbix:zabbix:1.1:beta6::::::
zabbix	zabbix	1.1	cpe:2.3:a:zabbix:zabbix:1.1:beta7::::::
zabbix	zabbix	1.1	cpe:2.3:a:zabbix:zabbix:1.1:beta8::::::
zabbix	zabbix	1.1	cpe:2.3:a:zabbix:zabbix:1.1:beta9::::::
zabbix	zabbix	1.1.1	cpe:2.3:a:zabbix:zabbix:1.1.1:::::::*
zabbix	zabbix	1.1.2	cpe:2.3:a:zabbix:zabbix:1.1.2:::::::*
zabbix	zabbix	1.1.3	cpe:2.3:a:zabbix:zabbix:1.1.3:::::::*
zabbix	zabbix	1.1.4	cpe:2.3:a:zabbix:zabbix:1.1.4:::::::*
zabbix	zabbix	1.1.5	cpe:2.3:a:zabbix:zabbix:1.1.5:::::::*
zabbix	zabbix	1.1.6	cpe:2.3:a:zabbix:zabbix:1.1.6:::::::*
zabbix	zabbix	1.1.7	cpe:2.3:a:zabbix:zabbix:1.1.7:::::::*
zabbix	zabbix	1.3	cpe:2.3:a:zabbix:zabbix:1.3:beta::::::
zabbix	zabbix	1.3.1	cpe:2.3:a:zabbix:zabbix:1.3.1:beta::::::
zabbix	zabbix	1.3.2	cpe:2.3:a:zabbix:zabbix:1.3.2:beta::::::
zabbix	zabbix	1.3.3	cpe:2.3:a:zabbix:zabbix:1.3.3:beta::::::
zabbix	zabbix	1.3.4	cpe:2.3:a:zabbix:zabbix:1.3.4:beta::::::
zabbix	zabbix	1.3.5	cpe:2.3:a:zabbix:zabbix:1.3.5:beta::::::
zabbix	zabbix	1.3.6	cpe:2.3:a:zabbix:zabbix:1.3.6:beta::::::
zabbix	zabbix	1.3.7	cpe:2.3:a:zabbix:zabbix:1.3.7:beta::::::
zabbix	zabbix	1.3.8	cpe:2.3:a:zabbix:zabbix:1.3.8:beta::::::
zabbix	zabbix	1.4	cpe:2.3:a:zabbix:zabbix:1.4:::::::*
zabbix	zabbix	1.4.1	cpe:2.3:a:zabbix:zabbix:1.4.1:::::::*
zabbix	zabbix	1.4.2	cpe:2.3:a:zabbix:zabbix:1.4.2:::::::*
zabbix	zabbix	1.4.3	cpe:2.3:a:zabbix:zabbix:1.4.3:::::::*
zabbix	zabbix	1.4.4	cpe:2.3:a:zabbix:zabbix:1.4.4:::::::*
zabbix	zabbix	1.4.5	cpe:2.3:a:zabbix:zabbix:1.4.5:::::::*
zabbix	zabbix	1.4.6	cpe:2.3:a:zabbix:zabbix:1.4.6:::::::*
zabbix	zabbix	1.5	cpe:2.3:a:zabbix:zabbix:1.5:beta::::::
zabbix	zabbix	1.5.1	cpe:2.3:a:zabbix:zabbix:1.5.1:beta::::::
zabbix	zabbix	1.5.2	cpe:2.3:a:zabbix:zabbix:1.5.2:beta::::::
zabbix	zabbix	1.5.3	cpe:2.3:a:zabbix:zabbix:1.5.3:beta::::::
zabbix	zabbix	1.5.4	cpe:2.3:a:zabbix:zabbix:1.5.4:beta::::::
zabbix	zabbix	1.6	cpe:2.3:a:zabbix:zabbix:1.6:::::::*
zabbix	zabbix	1.6.1	cpe:2.3:a:zabbix:zabbix:1.6.1:::::::*
zabbix	zabbix	1.6.2	cpe:2.3:a:zabbix:zabbix:1.6.2:::::::*
zabbix	zabbix	1.6.3	cpe:2.3:a:zabbix:zabbix:1.6.3:::::::*
zabbix	zabbix	1.6.4	cpe:2.3:a:zabbix:zabbix:1.6.4:::::::*
zabbix	zabbix	1.6.5	cpe:2.3:a:zabbix:zabbix:1.6.5:::::::*
zabbix	zabbix	1.6.6	cpe:2.3:a:zabbix:zabbix:1.6.6:::::::*
zabbix	zabbix	1.6.7	cpe:2.3:a:zabbix:zabbix:1.6.7:::::::*
zabbix	zabbix	1.6.8	cpe:2.3:a:zabbix:zabbix:1.6.8:::::::*
zabbix	zabbix	1.6.9	cpe:2.3:a:zabbix:zabbix:1.6.9:::::::*
zabbix	zabbix	1.7	cpe:2.3:a:zabbix:zabbix:1.7:::::::*
zabbix	zabbix	1.7.1	cpe:2.3:a:zabbix:zabbix:1.7.1:::::::*
zabbix	zabbix	1.7.2	cpe:2.3:a:zabbix:zabbix:1.7.2:::::::*
zabbix	zabbix	1.7.3	cpe:2.3:a:zabbix:zabbix:1.7.3:::::::*
zabbix	zabbix	1.7.4	cpe:2.3:a:zabbix:zabbix:1.7.4:::::::*
zabbix	zabbix	1.8	cpe:2.3:a:zabbix:zabbix:1.8:::::::*
zabbix	zabbix	1.8.1	cpe:2.3:a:zabbix:zabbix:1.8.1:::::::*
zabbix	zabbix	1.8.2	cpe:2.3:a:zabbix:zabbix:1.8.2:::::::*
zabbix	zabbix	1.8.3	cpe:2.3:a:zabbix:zabbix:1.8.3:::::::*
zabbix	zabbix	1.8.3	cpe:2.3:a:zabbix:zabbix:1.8.3:rc1::::::
zabbix	zabbix	1.8.3	cpe:2.3:a:zabbix:zabbix:1.8.3:rc2::::::
zabbix	zabbix	1.8.3	cpe:2.3:a:zabbix:zabbix:1.8.3:rc3::::::
zabbix	zabbix	1.8.3	cpe:2.3:a:zabbix:zabbix:1.8.3:rc4::::::
zabbix	zabbix	1.8.4	cpe:2.3:a:zabbix:zabbix:1.8.4:::::::*
zabbix	zabbix	1.8.4	cpe:2.3:a:zabbix:zabbix:1.8.4:rc1::::::
zabbix	zabbix	1.8.4	cpe:2.3:a:zabbix:zabbix:1.8.4:rc2::::::
zabbix	zabbix	1.8.4	cpe:2.3:a:zabbix:zabbix:1.8.4:rc3::::::
zabbix	zabbix	1.8.4	cpe:2.3:a:zabbix:zabbix:1.8.4:rc4::::::
zabbix	zabbix	1.8.5	cpe:2.3:a:zabbix:zabbix:1.8.5:::::::*
zabbix	zabbix	1.8.5	cpe:2.3:a:zabbix:zabbix:1.8.5:rc1::::::
zabbix	zabbix	1.8.6	cpe:2.3:a:zabbix:zabbix:1.8.6:::::::*
zabbix	zabbix	1.8.6	cpe:2.3:a:zabbix:zabbix:1.8.6:rc1::::::
zabbix	zabbix	1.8.6	cpe:2.3:a:zabbix:zabbix:1.8.6:rc2::::::
zabbix	zabbix	1.8.7	cpe:2.3:a:zabbix:zabbix:1.8.7:::::::*
zabbix	zabbix	1.8.7	cpe:2.3:a:zabbix:zabbix:1.8.7:rc1::::::
zabbix	zabbix	1.8.8	cpe:2.3:a:zabbix:zabbix:1.8.8:::::::*
zabbix	zabbix	1.8.8	cpe:2.3:a:zabbix:zabbix:1.8.8:rc1::::::
zabbix	zabbix	1.8.8	cpe:2.3:a:zabbix:zabbix:1.8.8:rc2::::::
zabbix	zabbix	1.8.8	cpe:2.3:a:zabbix:zabbix:1.8.8:rc3::::::

References for CVE-2011-5027

URL	Tags
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071660.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071687.html
http://osvdb.org/77772
http://secunia.com/advisories/47216	Vendor Advisory
http://www.securityfocus.com/bid/51093
http://www.zabbix.com/rn1.8.10.php
https://support.zabbix.com/browse/ZBX-4015	Vendor Advisory

URL

CVE-2011-5027

Exploit prediction scoring system (EPSS) score for CVE-2011-5027

Common vulnerability scoring system (CVSS) metrics for CVE-2011-5027

Weakness enumeration for CVE-2011-5027

OS Trackers for CVE-2011-5027

Affected software / configurations for CVE-2011-5027

References for CVE-2011-5027