CVE-2024-45699

Published: 02 Apr. 2025
Source: debian
EPSS: Low

Description

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.

Packages

| Package | Status | Fix version | Release | Type |
|---|---|---|---|---|
| zabbix | fixed | 1:7.0.9+dfsg-1 | | package |

Notes

  • https://support.zabbix.com/browse/ZBX-26254

  • Fixed by: https://github.com/zabbix/zabbix/commit/4c2cf43fade6ea6239f9cba32527a547461bdec9 (7.0.7rc1)

  • Fixed by (merge commit): https://github.com/zabbix/zabbix/commit/6b98ae293a088183b1c1ba0428664d76f98ef36c (6.0.37rc1)

EPSS

Percentile: 12%
0.00043
Low

Related vulnerabilities

ubuntu
5 months ago

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.

nvd
5 months ago

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.

github
5 months ago

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.

CVSS3: 7.5
fstec
5 months ago

Vulnerability in the web interface of the Zabbix universal monitoring system that allows an attacker to conduct a cross-site scripting attack

CVSS3: 7.5
redos
3 months ago

zabbix-server-pgsql vulnerability
