← Voltar para CVEs
CVE-2022-24682
MEDIUMCISA KEV6.1
Descricao
An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.
Detalhes CVE
Pontuacao CVSS v3.16.1
SeveridadeMEDIUM
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioREQUIRED
Publicado2/9/2022
Ultima modificacao11/4/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorSynacor
ProdutoZimbra Collaborate Suite (ZCS)
Nome da vulnerabilidadeSynacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting Vulnerability
Data inclusao KEV2022-02-25
Prazo de remediacao2022-03-11
Uso em ransomwareKnown
Produtos afetados
synacor:zimbra_collaboration_suite
Fraquezas (CWE)
CWE-116CWE-116
Referencias
https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/(cve@mitre.org)
https://wiki.zimbra.com/wiki/Security_Center(cve@mitre.org)
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30(cve@mitre.org)
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories(cve@mitre.org)
https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/(cve@mitre.org)
https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/(af854a3a-2127-422b-91ae-364da2661108)
https://wiki.zimbra.com/wiki/Security_Center(af854a3a-2127-422b-91ae-364da2661108)
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30(af854a3a-2127-422b-91ae-364da2661108)
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories(af854a3a-2127-422b-91ae-364da2661108)
https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24682(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.