An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend. https://support.zabbix.com/browse/ZBX-21350
Created zabbix tracking bugs for this issue: Affects: epel-8 [bug 2126861] Affects: fedora-all [bug 2126862]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.