Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2022-24682
HistoryFeb 09, 2022 - 4:15 a.m.

CVE-2022-24682

2022-02-0904:15:00
CWE-116
[email protected]
web.nvd.nist.gov
905
In Wild
2
zimbra
collaboration suite
cve-2022-24682
exploited
html injection
javascript
nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.019 Low

EPSS

Percentile

88.5%

JSON

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.

Social References

More

Related

nessus 1
attackerkb 1
checkpoint_advisories 1
malwarebytes 2
prion 1
osv 1
cisa_kev 1
thn 2
cisa 1
ics 3
nessus
nessus
Zimbra Collaboration Server 8.8.x < 8.8.15 Patch 30 XSS
2022-06-21 00:00:00
attackerkb
attackerkb
CVE-2022-24682
2022-02-09 00:00:00
checkpoint_advisories
checkpoint_advisories
Zimbra Webmail Cross Site Scripting (CVE-2022-24682)
2022-04-10 00:00:00
malwarebytes
malwarebytes
Ransomware review: June 2023
2023-06-09 11:30:00
Act now! In-the-wild Zimbra vulnerability needs a workaround
2023-07-17 12:30:00
prion
prion
Design/Logic Flaw
2022-02-09 04:15:00
osv
osv
CVE-2022-24682
2022-02-09 04:15:07
cisa_kev
cisa_kev
Zimbra Webmail Cross-Site Scripting Vulnerability
2022-02-25 00:00:00
thn
thn
CISA adds recently disclosed Zimbra bug to its Exploited Vulnerabilities Catalog
2022-03-01 04:37:00
From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022
2023-03-21 09:54:00
cisa
cisa
CISA Adds Four Known Exploited Vulnerabilities to Catalog
2022-02-25 00:00:00
ics
ics
Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
2023-01-27 12:00:00
NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations
2023-10-05 12:00:00
2022 Top Routinely Exploited Vulnerabilities
2023-08-03 12:00:00

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.019 Low

EPSS

Percentile

88.5%

JSON
Related for CVE-2022-24682
nessus1attackerkb1checkpoint_advisories1malwarebytes2prion1osv1cisa_kev1thn2cisa1ics3