← Back

CVE-2022-24682

nvd nistnuclei
Published: Feb 9, 2022Modified: Nov 4, 2025CISA KEV

JSON object

Loading...
6.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 / Impact: 2.7
Source: NVD

Description

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.

Affected (31)

Synacor
1 product
Zimbra Collaboration Suite
Configuration A
31 vulnerable
Vulnerable SoftwareAffected Versions
Synacor
Zimbra Collaboration Suite
From 8.8.0 to 8.8.15
Zimbra Collaboration Suite
Version 8.8.15
Zimbra Collaboration Suite
Version 8.8.15 p10
Zimbra Collaboration Suite
Version 8.8.15 p11
Zimbra Collaboration Suite
Version 8.8.15 p12
Zimbra Collaboration Suite
Version 8.8.15 p13
Zimbra Collaboration Suite
Version 8.8.15 p14
Zimbra Collaboration Suite
Version 8.8.15 p15
Zimbra Collaboration Suite
Version 8.8.15 p16
Zimbra Collaboration Suite
Version 8.8.15 p17
Zimbra Collaboration Suite
Version 8.8.15 p18
Zimbra Collaboration Suite
Version 8.8.15 p19
Zimbra Collaboration Suite
Version 8.8.15 p1
Zimbra Collaboration Suite
Version 8.8.15 p20
Zimbra Collaboration Suite
Version 8.8.15 p21
Zimbra Collaboration Suite
Version 8.8.15 p22
Zimbra Collaboration Suite
Version 8.8.15 p23
Zimbra Collaboration Suite
Version 8.8.15 p24
Zimbra Collaboration Suite
Version 8.8.15 p25
Zimbra Collaboration Suite
Version 8.8.15 p26
Zimbra Collaboration Suite
Version 8.8.15 p27
Zimbra Collaboration Suite
Version 8.8.15 p28
Zimbra Collaboration Suite
Version 8.8.15 p29
Zimbra Collaboration Suite
Version 8.8.15 p2
Zimbra Collaboration Suite
Version 8.8.15 p3
Zimbra Collaboration Suite
Version 8.8.15 p4
Zimbra Collaboration Suite
Version 8.8.15 p5
Zimbra Collaboration Suite
Version 8.8.15 p6
Zimbra Collaboration Suite
Version 8.8.15 p7
Zimbra Collaboration Suite
Version 8.8.15 p8
Zimbra Collaboration Suite
Version 8.8.15 p9

Related CWEs

CWE-116
Improper Encoding or Escaping of Output
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

References (11)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Release NotesVendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release NotesVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.