Lucene search

[email protected]NVD:CVE-2024-33536

HistoryAug 12, 2024 - 3:15 p.m.

CVE-2024-33536

2024-08-1215:15:20

CWE-79

[email protected]

web.nvd.nist.gov

zimbra collaboration

input validation

authenticated attacker

arbitrary javascript

browser session

malicious file

url crafting

vulnerability

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

Percentile

14.6%

JSON

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability occurs due to inadequate input validation of the res parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user’s browser session. By uploading a malicious JavaScript file, accessible externally, and crafting a URL containing its location in the res parameter, the attacker can exploit this vulnerability. Subsequently, when another user visits the crafted URL, the malicious JavaScript code is executed.

Affected configurations

Nvd

Node

zimbracollaborationRange10.0.0–10.0.8

zimbracollaborationMatch9.0.0-

zimbracollaborationMatch9.0.0p0

zimbracollaborationMatch9.0.0p1

zimbracollaborationMatch9.0.0p10

zimbracollaborationMatch9.0.0p11

zimbracollaborationMatch9.0.0p12

zimbracollaborationMatch9.0.0p13

zimbracollaborationMatch9.0.0p14

zimbracollaborationMatch9.0.0p15

zimbracollaborationMatch9.0.0p16

zimbracollaborationMatch9.0.0p19

zimbracollaborationMatch9.0.0p2

zimbracollaborationMatch9.0.0p20

zimbracollaborationMatch9.0.0p21

zimbracollaborationMatch9.0.0p23

zimbracollaborationMatch9.0.0p24

zimbracollaborationMatch9.0.0p24.1

zimbracollaborationMatch9.0.0p25

zimbracollaborationMatch9.0.0p26

zimbracollaborationMatch9.0.0p27

zimbracollaborationMatch9.0.0p3

zimbracollaborationMatch9.0.0p30

zimbracollaborationMatch9.0.0p31

zimbracollaborationMatch9.0.0p32

zimbracollaborationMatch9.0.0p33

zimbracollaborationMatch9.0.0p34

zimbracollaborationMatch9.0.0p35

zimbracollaborationMatch9.0.0p36

zimbracollaborationMatch9.0.0p37

zimbracollaborationMatch9.0.0p38

zimbracollaborationMatch9.0.0p39

zimbracollaborationMatch9.0.0p4

zimbracollaborationMatch9.0.0p5

zimbracollaborationMatch9.0.0p6

zimbracollaborationMatch9.0.0p7

zimbracollaborationMatch9.0.0p7.1

zimbracollaborationMatch9.0.0p8

zimbracollaborationMatch9.0.0p9

VendorProductVersionCPE
zimbracollaboration*cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*
zimbracollaboration9.0.0cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*

Vendor	Product	Version	CPE
zimbra	collaboration	*	cpe:2.3:a:zimbra:collaboration::::::::
zimbra	collaboration	9.0.0	cpe:2.3:a:zimbra:collaboration:9.0.0:-::::::
zimbra	collaboration	9.0.0	cpe:2.3:a:zimbra:collaboration:9.0.0:p0::::::
zimbra	collaboration	9.0.0	cpe:2.3:a:zimbra:collaboration:9.0.0:p1::::::
zimbra	collaboration	9.0.0	cpe:2.3:a:zimbra:collaboration:9.0.0:p10::::::
zimbra	collaboration	9.0.0	cpe:2.3:a:zimbra:collaboration:9.0.0:p11::::::
zimbra	collaboration	9.0.0	cpe:2.3:a:zimbra:collaboration:9.0.0:p12::::::
zimbra	collaboration	9.0.0	cpe:2.3:a:zimbra:collaboration:9.0.0:p13::::::
zimbra	collaboration	9.0.0	cpe:2.3:a:zimbra:collaboration:9.0.0:p14::::::
zimbra	collaboration	9.0.0	cpe:2.3:a:zimbra:collaboration:9.0.0:p15::::::

Rows per page:

1-10 of 391

References

wiki.zimbra.com/wiki/Zimbra_Releases/10.0.8#Security_Fixes

wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P40#Security_Fixes