Primary

Context

Zabbix Cross-Site Scripting Vulnerability in Value Maps Export Action

Vulnerability

Patched

A reflected cross-site scripting vulnerability has been identified in Zabbix within the endpoint '/zabbix.php?action=export.valuemaps'. This issue arises from the backurl parameter, which reflects user-supplied data without proper HTML escaping or output encoding. Consequently, this flaw allows the injection of a JavaScript payload that is executed in the context of the victim's browser.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious JavaScript that is executed in the context of the user's browser.

Remediation

Users can upgrade to Zabbix versions 6.0.37rc1, 6.4.21rc1, or 7.0.7rc1 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

1.7

exploitability

6.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.2

impact

1.7

exploitability

6.4

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Zabbix Cross-Site Scripting Vulnerability in Value Maps Export Action

Vulnerability

Impact

Remediation

Affected Products

Zabbix

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating