CVE-2024-50599

EPSS 61.32%
Veröffentlicht 07.11.2024 21:15:06
Zuletzt bearbeitet 17.06.2025 18:41:30
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Zimbra Collaboration Suite (ZCS) 8.8.15, affecting one of the webmail calendar endpoints. This arises from improper handling of user-supplied input, allowing an attacker to inject malicious code that is reflected back in the HTML response.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 47 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Update-

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep1

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep10

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep11

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep12

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep13

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep14

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep15

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep16

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep17

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep18

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep19

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep2

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep20

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep21

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep22

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep23

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep24

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep25

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep26

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep27

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep28

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep29

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep3

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep30

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep31

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep31.1

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep32

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep33

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep34

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep35

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep36

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep37

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep38

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep39

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep4

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep40

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep41

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep42

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep43

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep44

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep45

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep5

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep6

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep7

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep8

Synacor ≫ Zimbra Collaboration Suite Version8.8.15 Updatep9

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	61.32%	0.99

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

Vendor Advisory

https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2024-50599

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-50599

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-50599

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-50599