CVE-2024-45699 HIGH

CVE-2024-45699: Reflected XSS vulnerability in /zabbix.php?action=export.valuemaps

Vendor Zabbix
Product Zabbix
Weakness CWE-79 · XSS
Published April 2, 2025
Last update November 3, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Active
Confidentiality High
Integrity High

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected through the above endpoint and executed within the context of the victim's browser.

Key dates

02 Disclosure timeline

April 2, 2025 CVE published
November 3, 2025 Record updated