vulnerability

Zimbra Collaboration: CVE-2024-27443: An XSS vulnerability.

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:L/Au:N/C:P/I:P/A:N)	2024-08-12	2025-01-10	2025-03-18

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:N)

Published

2024-08-12

Added

2025-01-10

Modified

2025-03-18

Description

An issue was discovered in zimbra collaboration (zcs) 9.0 and 10.0. a cross-site scripting (xss) vulnerability exists in the calendarinvite feature of the zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. an attacker can exploit this via an email message containing a crafted calendar header with an embedded xss payload. when a victim views this message in the zimbra webmail classic interface, the payload is executed in the context of the victim's session, potentially leading to execution of arbitrary javascript code.

Solution

zimbra-collaboration-upgrade-latest

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today