CVE-2024-33536

EPSS 0.13%
Veröffentlicht 12.08.2024 15:15:20
Zuletzt bearbeitet 25.03.2025 17:15:55
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability occurs due to inadequate input validation of the res parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user's browser session. By uploading a malicious JavaScript file, accessible externally, and crafting a URL containing its location in the res parameter, the attacker can exploit this vulnerability. Subsequently, when another user visits the crafted URL, the malicious JavaScript code is executed.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Zimbra ≫ Collaboration Version >= 10.0.0 < 10.0.8

Zimbra ≫ Collaboration Version9.0.0 Update-

Zimbra ≫ Collaboration Version9.0.0 Updatep0

Zimbra ≫ Collaboration Version9.0.0 Updatep1

Zimbra ≫ Collaboration Version9.0.0 Updatep10

Zimbra ≫ Collaboration Version9.0.0 Updatep11

Zimbra ≫ Collaboration Version9.0.0 Updatep12

Zimbra ≫ Collaboration Version9.0.0 Updatep13

Zimbra ≫ Collaboration Version9.0.0 Updatep14

Zimbra ≫ Collaboration Version9.0.0 Updatep15

Zimbra ≫ Collaboration Version9.0.0 Updatep16

Zimbra ≫ Collaboration Version9.0.0 Updatep19

Zimbra ≫ Collaboration Version9.0.0 Updatep2

Zimbra ≫ Collaboration Version9.0.0 Updatep20

Zimbra ≫ Collaboration Version9.0.0 Updatep21

Zimbra ≫ Collaboration Version9.0.0 Updatep23

Zimbra ≫ Collaboration Version9.0.0 Updatep24

Zimbra ≫ Collaboration Version9.0.0 Updatep24.1

Zimbra ≫ Collaboration Version9.0.0 Updatep25

Zimbra ≫ Collaboration Version9.0.0 Updatep26

Zimbra ≫ Collaboration Version9.0.0 Updatep27

Zimbra ≫ Collaboration Version9.0.0 Updatep3

Zimbra ≫ Collaboration Version9.0.0 Updatep30

Zimbra ≫ Collaboration Version9.0.0 Updatep31

Zimbra ≫ Collaboration Version9.0.0 Updatep32

Zimbra ≫ Collaboration Version9.0.0 Updatep33

Zimbra ≫ Collaboration Version9.0.0 Updatep34

Zimbra ≫ Collaboration Version9.0.0 Updatep35

Zimbra ≫ Collaboration Version9.0.0 Updatep36

Zimbra ≫ Collaboration Version9.0.0 Updatep37

Zimbra ≫ Collaboration Version9.0.0 Updatep38

Zimbra ≫ Collaboration Version9.0.0 Updatep39

Zimbra ≫ Collaboration Version9.0.0 Updatep4

Zimbra ≫ Collaboration Version9.0.0 Updatep5

Zimbra ≫ Collaboration Version9.0.0 Updatep6

Zimbra ≫ Collaboration Version9.0.0 Updatep7

Zimbra ≫ Collaboration Version9.0.0 Updatep7.1

Zimbra ≫ Collaboration Version9.0.0 Updatep8

Zimbra ≫ Collaboration Version9.0.0 Updatep9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.329

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.8#Security_Fixes

Release Notes

https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P40#Security_Fixes

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2024-33536

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-33536

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-33536

EUVD