PT-2025-14462 · Zabbix+3

Published: 2025-04-01 · Updated: 2025-10-08 · CVE-2024-45699

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Zabbix (affected versions not specified)

Description

The endpoint "/zabbix.php?action=export.valuemaps" suffers from a Cross-Site Scripting issue via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding, allowing a JavaScript payload to be injected into the endpoint and executed within the context of the victim's browser.

Recommendations

As a temporary workaround, consider restricting access to the "/zabbix.php?action=export.valuemaps" endpoint until a patch is available. Avoid using the backurl parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
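While the endpoint remains reachable, web-server access logs can be reviewed for requests to it whose backurl is anything other than a plain relative path. The following is an added example, not part of the advisory or of Zabbix; the log format, the sample lines, the "plain relative path" policy and the function names `backurl_problems` and `scan` are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined-log style, not from the advisory).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Apr/2025:10:00:01 +0000] "GET /zabbix.php?action=export.valuemaps&backurl=zabbix.php%3Faction%3Dvaluemap.list HTTP/1.1" 200 512
198.51.100.9 - - [01/Apr/2025:10:00:05 +0000] "GET /zabbix.php?action=export.valuemaps&backurl=javascript%3Avoid(0) HTTP/1.1" 200 498
198.51.100.9 - - [01/Apr/2025:10:00:09 +0000] "GET /zabbix.php?action=export.valuemaps&backurl=%22%3E%3Cb%3Emarker HTTP/1.1" 200 530
198.51.100.3 - - [01/Apr/2025:10:00:12 +0000] "GET /zabbix.php?action=dashboard.view HTTP/1.1" 200 9001
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
MARKUP_CHARS = set('<>"\'`')

def backurl_problems(value):
    """Assumed policy: a legitimate backurl is a plain same-site relative path."""
    reasons = []
    parts = urlsplit(value)
    if parts.scheme:                      # e.g. javascript:, data:, http:
        reasons.append("scheme:" + parts.scheme.lower())
    if parts.netloc:                      # //host/... or scheme://host/...
        reasons.append("external-host")
    if MARKUP_CHARS & set(value):         # characters that break out of HTML context
        reasons.append("markup-chars")
    if any(ord(c) < 0x20 for c in value):
        reasons.append("control-chars")
    return reasons

def scan(log_text):
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        query = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
        if not url.path.endswith("/zabbix.php"):
            continue
        if "export.valuemaps" not in query.get("action", []):
            continue
        for value in query.get("backurl", []):
            reasons = backurl_problems(value)
            if reasons:
                findings.append((lineno, line.split()[0], reasons))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only the query string is inspected, so a backurl sent in a POST body would need the same check applied to request-body logging or a reverse-proxy rule.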

XSS

Weakness Enumeration

Related Identifiers

ALT-PU-2025-5871
ALT-PU-2025-5998
BDU:2025-05634
CVE-2024-45699
DLA-4131-1

Affected Products

Alt Linux
Debian
Red Os
Zabbix