4.8

CVE-2024-45194

In Zimbra Collaboration (ZCS) 9.0 and 10.0, a vulnerability in the Webmail Modern UI allows execution of stored Cross-Site Scripting (XSS) payloads. An attacker with administrative access to the Zimbra Administration Panel can inject malicious JavaScript code while configuring an email account. This injected code is stored on the server and executed in the context of the victim's browser when interacting with specific elements in the web interface. (The vulnerability can be mitigated by properly sanitizing input parameters to prevent the injection of malicious code.)
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SynacorZimbra Collaboration Suite Version >= 10.0.0 < 10.0.9
SynacorZimbra Collaboration Suite Version9.0.0 Update-
SynacorZimbra Collaboration Suite Version9.0.0 Updatep1
SynacorZimbra Collaboration Suite Version9.0.0 Updatep10
SynacorZimbra Collaboration Suite Version9.0.0 Updatep11
SynacorZimbra Collaboration Suite Version9.0.0 Updatep12
SynacorZimbra Collaboration Suite Version9.0.0 Updatep13
SynacorZimbra Collaboration Suite Version9.0.0 Updatep14
SynacorZimbra Collaboration Suite Version9.0.0 Updatep15
SynacorZimbra Collaboration Suite Version9.0.0 Updatep16
SynacorZimbra Collaboration Suite Version9.0.0 Updatep17
SynacorZimbra Collaboration Suite Version9.0.0 Updatep18
SynacorZimbra Collaboration Suite Version9.0.0 Updatep19
SynacorZimbra Collaboration Suite Version9.0.0 Updatep2
SynacorZimbra Collaboration Suite Version9.0.0 Updatep20
SynacorZimbra Collaboration Suite Version9.0.0 Updatep21
SynacorZimbra Collaboration Suite Version9.0.0 Updatep22
SynacorZimbra Collaboration Suite Version9.0.0 Updatep23
SynacorZimbra Collaboration Suite Version9.0.0 Updatep24
SynacorZimbra Collaboration Suite Version9.0.0 Updatep24.1
SynacorZimbra Collaboration Suite Version9.0.0 Updatep25
SynacorZimbra Collaboration Suite Version9.0.0 Updatep26
SynacorZimbra Collaboration Suite Version9.0.0 Updatep27
SynacorZimbra Collaboration Suite Version9.0.0 Updatep28
SynacorZimbra Collaboration Suite Version9.0.0 Updatep29
SynacorZimbra Collaboration Suite Version9.0.0 Updatep3
SynacorZimbra Collaboration Suite Version9.0.0 Updatep30
SynacorZimbra Collaboration Suite Version9.0.0 Updatep31
SynacorZimbra Collaboration Suite Version9.0.0 Updatep32
SynacorZimbra Collaboration Suite Version9.0.0 Updatep33
SynacorZimbra Collaboration Suite Version9.0.0 Updatep34
SynacorZimbra Collaboration Suite Version9.0.0 Updatep35
SynacorZimbra Collaboration Suite Version9.0.0 Updatep36
SynacorZimbra Collaboration Suite Version9.0.0 Updatep37
SynacorZimbra Collaboration Suite Version9.0.0 Updatep38
SynacorZimbra Collaboration Suite Version9.0.0 Updatep39
SynacorZimbra Collaboration Suite Version9.0.0 Updatep4
SynacorZimbra Collaboration Suite Version9.0.0 Updatep40
SynacorZimbra Collaboration Suite Version9.0.0 Updatep5
SynacorZimbra Collaboration Suite Version9.0.0 Updatep6
SynacorZimbra Collaboration Suite Version9.0.0 Updatep7
SynacorZimbra Collaboration Suite Version9.0.0 Updatep8
SynacorZimbra Collaboration Suite Version9.0.0 Updatep9
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.08% 0.227
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 4.8 1.7 2.7
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.