5.4
CVE-2024-45512
- EPSS 0.15%
- Veröffentlicht 21.11.2024 16:15:25
- Zuletzt bearbeitet 11.06.2025 21:17:07
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
An issue was discovered in webmail in Zimbra Collaboration (ZCS) through 10.1. An attacker can exploit this vulnerability by creating a folder in the Briefcase module with a malicious payload and sharing it with a victim. When the victim interacts with the folder share notification, the malicious script executes in their browser. This stored Cross-Site Scripting (XSS) vulnerability can lead to unauthorized actions within the victim's session.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginDaten sind bereitgestellt durch National Vulnerability Database (NVD)
Synacor ≫ Zimbra Collaboration Suite Version < 9.0.0
Synacor ≫ Zimbra Collaboration Suite Version >= 10.0.0 < 10.0.9
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Update-
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep1
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep10
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep11
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep12
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep13
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep14
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep15
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep16
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep17
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep18
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep19
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep2
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep20
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep21
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep22
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep23
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep24
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep24.1
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep25
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep26
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep27
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep28
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep29
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep3
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep30
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep31
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep32
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep33
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep34
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep35
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep36
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep37
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep38
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep39
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep4
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep40
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep5
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep6
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep7
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep8
Synacor ≫ Zimbra Collaboration Suite Version9.0.0 Updatep9
Synacor ≫ Zimbra Collaboration Suite Version10.1.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.15% | 0.356 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.4 | 2.3 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.