Description
The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 13 | | | 1:7.0.9+dfsg-1 |
debian 11 | | =1:5.0.14+dfsg-1 || =1:5.0.14+dfsg-1~bpo11+1 || =1:5.0.17+dfsg-1 || =1:5.0.17+dfsg-1~bpo11+1 || =1:5.0.44+dfsg-1+deb11u1 || =1:5.0.45+dfsg-1+deb11u1 || =1:5.0.8+dfsg-1 || >=0 <1:5.0.46+dfsg-1+deb11u1 | 1:5.0.46+dfsg-1+deb11u1 |
debian 12 | | =1:6.0.14+dfsg-1 || =1:6.0.23+dfsg-1 || =1:6.0.23+dfsg-1~bpo12+1 || =1:6.0.24+dfsg-1 || =1:6.0.25+dfsg-1 || =1:6.0.29+dfsg-1 || =1:7.0.0+dfsg-1 || =1:7.0.0+dfsg-2 || =1:7.0.0+dfsg-2~bpo12+1 || =1:7.0.1+dfsg-1 || =1:7.0.1+dfsg-1~bpo12+1 || =1:7.0.10+dfsg-1 || =1:7.0.10+dfsg-2 || =1:7.0.2+dfsg-1 || =1:7.0.2+dfsg-1~bpo12+1 || =1:7.0.22+dfsg-1 || =1:7.0.22+dfsg-1~bpo13+1 || =1:7.0.22+dfsg-1~deb13u1 || =1:7.0.3+dfsg-1 || =1:7.0.5+dfsg-1 || =1:7.0.5+dfsg-1~bpo12+1 || =1:7.0.6+dfsg-1 || =1:7.0.9+dfsg-1 || =1:7.0.9+dfsg-1~bpo12+1 | - |
debian 14 | | | 1:7.0.9+dfsg-1 |
