CVE-2023-32721: 
Zabbix Server vulnerability analysis and mitigation

A stored Cross-Site Scripting (XSS) vulnerability was discovered in the Zabbix web application (CVE-2023-32721), specifically affecting the Maps element when a URL field is set with spaces before the URL. The vulnerability was reported in September 2023 and affects multiple versions of Zabbix including versions 4.0.0 through 4.0.47, 5.0.0 through 5.0.36, 6.0.0 through 6.0.20, 6.4.0 through 6.4.5, and 7.0.0 alpha versions (Zabbix Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.6 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction. The scope is changed, with low confidentiality impact and high integrity impact, but no availability impact (Zabbix Advisory, NVD).

In a worst-case scenario, successful exploitation of this vulnerability could allow an attacker to execute JavaScript code within the victim's browser. The potential consequences include session hijacking, user impersonation, and client-side attacks (Zabbix Advisory).

The vulnerability has been fixed in Zabbix versions 4.0.48rc1, 5.0.37rc1, 6.0.21rc1, 6.4.6rc1, and 7.0.0alpha4. Users are advised to upgrade to these or later versions to mitigate the vulnerability (Zabbix Advisory, Debian Advisory).