Zabbix: Cross-Site Scripting (XSS) Vulnerability in Export Endpoint - Proactive Insights and Support For Open-Source Applications

In Zabbix Server versions 6.0.0 up to 6.0.36, 6.4.0 up to 6.4.20 and 7.0.0 up to 7.0.6 a high severity vulnerability CVE-2024-45699 was detected. This vulnerability allows attackers to inject a JavaScript payload through the backurl parameter in the /zabbix.php?action=export.valuemaps endpoint, leading to a Cross-Site Scripting (XSS) attack. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-45699.