3 matches found
Zimbra CVE-2024-27443 XSS Flaw Hits 129K Servers, Sednit Suspected
A critical XSS vulnerability, CVE-2024-27443, in Zimbra Collaboration Suite's CalendarInvite feature is actively being exploited, potentially by the…...
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
Zimbra Collaboration contains a cross-site scripting XSS vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this vulnerability via an email message containing a crafted calendar header, leading to the execution of arbitrary JavaScript...
CVE-2024-27443
An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0. A Cross-Site Scripting XSS vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this v...