CVE-2022-24682
MEDIUM | CISA KEV | 6.1
Description
An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.
CVE Details
CVSS v3.1 score: 6.1
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: REQUIRED
Published: 2/9/2022
Last modified: 11/4/2025
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Synacor
Product: Zimbra Collaborate Suite (ZCS)
Vulnerability name: Synacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting Vulnerability
KEV date added: 2022-02-25
Remediation due date: 2022-03-11
Ransomware use: Known
Affected products
synacor:zimbra_collaboration_suite
Weaknesses (CWE)
CWE-116
References
https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/ (cve@mitre.org)
https://wiki.zimbra.com/wiki/Security_Center (cve@mitre.org)
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30 (cve@mitre.org)
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories (cve@mitre.org)
https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/ (cve@mitre.org)
https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/ (af854a3a-2127-422b-91ae-364da2661108)
https://wiki.zimbra.com/wiki/Security_Center (af854a3a-2127-422b-91ae-364da2661108)
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30 (af854a3a-2127-422b-91ae-364da2661108)
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories (af854a3a-2127-422b-91ae-364da2661108)
https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24682 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.