← Voltar para CVEs

CVE-2024-45517

MEDIUM

5.4

Descricao

An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability in the /h/rest endpoint of the Zimbra webmail and admin panel interfaces allows attackers to execute arbitrary JavaScript in the victim's session. This issue is caused by improper sanitization of user input, leading to potential compromise of sensitive information. Exploitation requires user interaction to access the malicious URL.

Detalhes CVE

Pontuacao CVSS v3.15.4

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioREQUIRED

Publicado11/21/2024

Ultima modificacao6/11/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

synacor:zimbra_collaboration_suite

Fraquezas (CWE)

CWE-79

Referencias

https://wiki.zimbra.com/wiki/Security_Center(cve@mitre.org)

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes(cve@mitre.org)

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes(cve@mitre.org)

https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes(cve@mitre.org)

https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes(cve@mitre.org)

https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy(cve@mitre.org)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.