In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsThere is no fixed version for Debian:12
zabbix
.
Note: Versions mentioned in the description apply only to the upstream zabbix
package and not the zabbix
package as distributed by Debian
.
See How to fix?
for Debian:12
relevant fixed versions and status.
The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.