CVE-2024-45699 Affecting zabbix package, versions *


Severity

Recommended
low

Based on default assessment until relevant scores are available.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-DEBIAN12-ZABBIX-9634159
  • published3 Apr 2025
  • disclosed2 Apr 2025

Introduced: 2 Apr 2025

NewCVE-2024-45699  (opens in a new tab)

How to fix?

There is no fixed version for Debian:12 zabbix.

NVD Description

Note: Versions mentioned in the description apply only to the upstream zabbix package and not the zabbix package as distributed by Debian. See How to fix? for Debian:12 relevant fixed versions and status.

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.