Security Advisory

CVE-2024-45699

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-04-02 06:12:58

Last updated 2025-11-03 19:30:55

Assigner Zabbix

State PUBLISHED

Description

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victims browser.

← Browse all CVEs View on cve.org ↗