History: Aug 12, 2024 - 3:15 p.m.

CVE-2024-27443

2024-08-12 15:15:20
CWE-79
mitre
web.nvd.nist.gov
Tags: zimbra collaboration, xss vulnerability, calendarinvite, webmail, input validation, email message, crafted calendar header, xss payload, victim's session

CVSS3: 6.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score: 5.1
Confidence: High

EPSS: 0.001
Percentile: 17.7%

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this via an email message containing a crafted calendar header with an embedded XSS payload. When a victim views this message in the Zimbra webmail classic interface, the payload is executed in the context of the victim’s session, potentially leading to execution of arbitrary JavaScript code.

Affected configurations

Nvd
Node (entries combined with OR)

| Vendor | Product | Type | Version |
|---|---|---|---|
| zimbra | collaboration | Range | 10.0.0 - 10.0.7 |
| zimbra | collaboration | Match | 9.0.0 - |
| zimbra | collaboration | Match | 9.0.0 p0 |
| zimbra | collaboration | Match | 9.0.0 p1 |
| zimbra | collaboration | Match | 9.0.0 p10 |
| zimbra | collaboration | Match | 9.0.0 p11 |
| zimbra | collaboration | Match | 9.0.0 p12 |
| zimbra | collaboration | Match | 9.0.0 p13 |
| zimbra | collaboration | Match | 9.0.0 p14 |
| zimbra | collaboration | Match | 9.0.0 p15 |
| zimbra | collaboration | Match | 9.0.0 p16 |
| zimbra | collaboration | Match | 9.0.0 p19 |
| zimbra | collaboration | Match | 9.0.0 p2 |
| zimbra | collaboration | Match | 9.0.0 p20 |
| zimbra | collaboration | Match | 9.0.0 p21 |
| zimbra | collaboration | Match | 9.0.0 p23 |
| zimbra | collaboration | Match | 9.0.0 p24 |
| zimbra | collaboration | Match | 9.0.0 p24.1 |
| zimbra | collaboration | Match | 9.0.0 p25 |
| zimbra | collaboration | Match | 9.0.0 p26 |
| zimbra | collaboration | Match | 9.0.0 p27 |
| zimbra | collaboration | Match | 9.0.0 p3 |
| zimbra | collaboration | Match | 9.0.0 p30 |
| zimbra | collaboration | Match | 9.0.0 p31 |
| zimbra | collaboration | Match | 9.0.0 p32 |
| zimbra | collaboration | Match | 9.0.0 p33 |
| zimbra | collaboration | Match | 9.0.0 p34 |
| zimbra | collaboration | Match | 9.0.0 p35 |
| zimbra | collaboration | Match | 9.0.0 p36 |
| zimbra | collaboration | Match | 9.0.0 p37 |
| zimbra | collaboration | Match | 9.0.0 p38 |
| zimbra | collaboration | Match | 9.0.0 p4 |
| zimbra | collaboration | Match | 9.0.0 p5 |
| zimbra | collaboration | Match | 9.0.0 p6 |
| zimbra | collaboration | Match | 9.0.0 p7 |
| zimbra | collaboration | Match | 9.0.0 p7.1 |
| zimbra | collaboration | Match | 9.0.0 p8 |
| zimbra | collaboration | Match | 9.0.0 p9 |

| Vendor | Product | Version | CPE |
|---|---|---|---|
| zimbra | collaboration | * | cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:* |
| zimbra | collaboration | 9.0.0 | cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:* |
| zimbra | collaboration | 9.0.0 | cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:* |
| zimbra | collaboration | 9.0.0 | cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:* |
| zimbra | collaboration | 9.0.0 | cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:* |
| zimbra | collaboration | 9.0.0 | cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:* |
| zimbra | collaboration | 9.0.0 | cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:* |
| zimbra | collaboration | 9.0.0 | cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:* |
| zimbra | collaboration | 9.0.0 | cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:* |
| zimbra | collaboration | 9.0.0 | cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:* |
