Zimbra CVE-2024-27443 XSS Flaw Hits 129K Servers, Sednit Suspected

A critical XSS vulnerability, CVE-2024-27443, in Zimbra Collaboration Suite's CalendarInvite feature is actively being exploited, potentially by the…...

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability

Zimbra Collaboration contains a cross-site scripting XSS vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this vulnerability via an email message containing a crafted calendar header, leading to the execution of arbitrary JavaScript...

CVE-2024-27443

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0. A Cross-Site Scripting XSS vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this v...

CVE-2024-27443

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0. A Cross-Site Scripting XSS vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this v...

CVE-2024-27443

CVE-2024-27443 affects Zimbra Collaboration (ZCS) 9.0 and 10.0, with a cross-site scripting flaw in the CalendarInvite feature caused by improper input validation of the calendar header. An attacker can embed a payload in a crafted calendar header sent via email; when a recipient views the messag...

CVE-2024-27443

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0. A Cross-Site Scripting XSS vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this v...

PT-2024-21901 · Zimbra · Zimbra Collaboration

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite ZCS versions 9.0 through 10.0 Description: A Cross-Site Scripting XSS vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, due to improper input validation in the handling...