Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-45510

Date: November 19, 2024

An issue was discovered in Zimbra Collaboration (ZCS) through 10.0. Zimbra Webmail (Modern UI) is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper sanitization of user input. This allows an attacker to inject malicious code into specific fields of an e-mail message. When the victim adds the attacker to their contacts, the malicious code is stored and executed when viewing the contact list. This can lead to unauthorized actions such as arbitrary mail sending, mailbox exfiltration, profile picture alteration, and other malicious actions. Proper sanitization and escaping of input fields are necessary to mitigate this vulnerability.

Language: Java

Severity Score

Related Resources (7)

https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes
https://nvd.nist.gov/vuln/detail/CVE-2024-45510
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes
https://wiki.zimbra.com/wiki/Security_Center
https://www.mend.io/vulnerability-database/CVE-2024-45510

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE

Do you need more information?

Contact Us