Lucene search
MitreCVELIST:CVE-2022-24682HistoryFeb 09, 2022 - 3:19 a.m.
CVE-2022-24682
2022-02-0903:19:04
mitre
www.cve.org
1
0.019 Low
EPSS
Percentile
88.7%
An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.
References
blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/
wiki.zimbra.com/wiki/Security_Center
wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30
wiki.zimbra.com/wiki/Zimbra_Security_Advisories
www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/
Related
nessus
nessus
Zimbra Collaboration Server 8.8.x < 8.8.15 Patch 30 XSS
2022-06-21 00:00:00
attackerkb
attackerkb
CVE-2022-24682
2022-02-09 00:00:00
cve
cve
CVE-2022-24682
2022-02-09 04:15:07
checkpoint_advisories
checkpoint_advisories
Zimbra Webmail Cross Site Scripting (CVE-2022-24682)
2022-04-10 00:00:00
cisa_kev
cisa_kev
Zimbra Webmail Cross-Site Scripting Vulnerability
2022-02-25 00:00:00
malwarebytes
malwarebytes
Ransomware review: June 2023
2023-06-09 11:30:00
Act now! In-the-wild Zimbra vulnerability needs a workaround
2023-07-17 12:30:00
prion
prion
Design/Logic Flaw
2022-02-09 04:15:00
osv
osv
CVE-2022-24682
2022-02-09 04:15:07
nvd
nvd
CVE-2022-24682
2022-02-09 04:15:07
cisa
cisa
CISA Adds Four Known Exploited Vulnerabilities to Catalog
2022-02-25 00:00:00
thn
thn
ics
ics
Threat Actors Exploiting Multiple CVEs Against Zimbra Collaboration Suite
2023-01-27 12:00:00
2022 Top Routinely Exploited Vulnerabilities
2023-08-03 12:00:00