CVE ID :CVE-2026-23928 Published : May 6, 2026, 7 a.m. | 1 hour, 30 minutes ago Description :The Item history widget (in Zabbix 7.0+) or the Plain text widget (in Zabbix 6.0) can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would have to come from a monitored host controlled by the attacker. Note: the Item history widget is a replacement for the Plain text widget since Zabbix 7.0. Severity: 7.3 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...