Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-26254

Reflected XSS vulnerability in /zabbix.php?action=export.valuemaps (CVE-2024-45699)

XMLWordPrintable

    • Icon: Defect (Security) Defect (Security)
    • Resolution: Fixed
    • Icon: Major Major
    • None
    • None
    • Frontend (F)
    • None

      The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.

            zabbix.support Zabbix Support Team
            jnulle Janis Nulle
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: