Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2024-33536
HistoryAug 12, 2024 - 12:00 a.m.

CVE-2024-33536

2024-08-1200:00:00
mitre
www.cve.org
3
zimbra collaboration
input validation
authenticated attacker
javascript code
browser session
url parameter

EPSS

0

Percentile

14.6%

JSON

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability occurs due to inadequate input validation of the res parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user’s browser session. By uploading a malicious JavaScript file, accessible externally, and crafting a URL containing its location in the res parameter, the attacker can exploit this vulnerability. Subsequently, when another user visits the crafted URL, the malicious JavaScript code is executed.

Related

vulnrichment 1
nvd 1
cve 1
vulnrichment
vulnrichment
CVE-2024-33536
2024-08-12 00:00:00
nvd
nvd
CVE-2024-33536
2024-08-12 15:15:20
cve
cve
CVE-2024-33536
2024-08-12 15:15:20

EPSS

0

Percentile

14.6%

JSON
Related for CVELIST:CVE-2024-33536
vulnrichment1nvd1cve1