{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-05T06:50:27.125","vulnerabilities":[{"cve":{"id":"CVE-2024-45699","sourceIdentifier":"security@zabbix.com","published":"2025-04-02T07:15:41.427","lastModified":"2025-11-03T20:16:30.800","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser."},{"lang":"es","value":"El endpoint /zabbix.php?action=export.valuemaps presenta una vulnerabilidad de Cross-Site Scripting a través del parámetro backurl. Esto se debe a la reflexión de datos proporcionados por el usuario sin el escape HTML ni la codificación de salida adecuados. Como resultado, se puede inyectar un payload de JavaScript en el endpoint mencionado, lo que provoca su ejecución en el contexto del navegador de la víctima."}],"metrics":{"cvssMetricV40":[{"source":"security@zabbix.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"ACTIVE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}]},"weaknesses":[{"source":"security@zabbix.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*","versionStartIncluding":"6.0.0","versionEndExcluding":"6.0.37","matchCriteriaId":"A93BBE35-BC1D-4199-8FD7-D77B078186A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*","versionStartIncluding":"6.4.0","versionEndExcluding":"6.4.21","matchCriteriaId":"CCE15DA6-52BE-4D5B-B8E7-B951B40B9B78"},{"vulnerable":true,"criteria":"cpe:2.3:a:zabbix:zabbix:*:*:*:*:*:*:*:*","versionStartIncluding":"7.0.0","versionEndExcluding":"7.0.7","matchCriteriaId":"0787EBF7-3A83-4410-B4A2-68D63A739DA6"}]}]}],"references":[{"url":"https://support.zabbix.com/browse/ZBX-26254","source":"security@zabbix.com","tags":["Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00027.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}