Zimbra Collaboration Suite < 8.8.15 - Improper Encoding

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 update 1, as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing...

Exploit for Improper Input Validation in Adobe Commerce

CVE-2022-24682 PoC How does this detection method work?...

Ransomware review: June 2023

This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of...

Zimbra Webmail Cross Site Scripting (CVE-2022-24682)

A cross site scripting vulnerability exists in Zimbra Webmail. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

CISA adds recently disclosed Zimbra bug to its Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency CISA expanded its Known Exploited Vulnerabilities Catalog to include a recently disclosed zero-day flaw in the Zimbra email platform citing evidence of active exploitation in the wild. Tracked as CVE-2022-24682 CVSS score: 6.1, the issue...

CISA Adds Four Known Exploited Vulnerabilities to Catalog

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types a...

CVE-2022-24682

creationtimestamp| type| source ---|---|--- 2022-02-09 07:12:32+00:00| exploited| https://t.me/cibsecurity/37046 2023-06-14 21:10:04+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2024-12-24 20:26:45+00:00| seen| https://feedsin.space/feed/CISAKevBot/items/2971267 2025-01-30 01:12:15+00:0...

CVE-2022-24682

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 update 1, as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing...

CVE-2022-24682

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 update 1, as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing...

CVE-2022-24682

CVE-2022-24682 affects Zimbra Collaboration Suite 8.8.x (before 8.8.15 patch 30/update 1). A cross-site scripting (XSS) vulnerability in the Calendar/webmail UI allows an attacker to place HTML with executable JavaScript in element attributes, leading to unescaped markup and potential session coo...

CVE-2022-24682

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 update 1, as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing...