CVE-2024-45699 Information
Description
The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim’s browser.
Reference
https://support.zabbix.com/browse/ZBX-26254 The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim’s browser.
Share on: