← Back

CVE-2024-45510

nvd nist
Published: Nov 20, 2024Modified: Jun 11, 2025

JSON object

Loading...
5.4
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in Zimbra Collaboration (ZCS) through 10.0. Zimbra Webmail (Modern UI) is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper sanitization of user input. This allows an attacker to inject malicious code into specific fields of an e-mail message. When the victim adds the attacker to their contacts, the malicious code is stored and executed when viewing the contact list. This can lead to unauthorized actions such as arbitrary mail sending, mailbox exfiltration, profile picture alteration, and other malicious actions. Proper sanitization and escaping of input fields are necessary to mitigate this vulnerability.

Affected (44)

Synacor
1 product
Zimbra Collaboration Suite
Configuration A
44 vulnerable
Vulnerable SoftwareAffected Versions
Synacor
Zimbra Collaboration Suite
Before 9.0.0
Zimbra Collaboration Suite
From 10.0.0 to 10.0.9
Zimbra Collaboration Suite
Version 9.0.0
Zimbra Collaboration Suite
Version 9.0.0 p10
Zimbra Collaboration Suite
Version 9.0.0 p11
Zimbra Collaboration Suite
Version 9.0.0 p12
Zimbra Collaboration Suite
Version 9.0.0 p13
Zimbra Collaboration Suite
Version 9.0.0 p14
Zimbra Collaboration Suite
Version 9.0.0 p15
Zimbra Collaboration Suite
Version 9.0.0 p16
Zimbra Collaboration Suite
Version 9.0.0 p17
Zimbra Collaboration Suite
Version 9.0.0 p18
Zimbra Collaboration Suite
Version 9.0.0 p19
Zimbra Collaboration Suite
Version 9.0.0 p1
Zimbra Collaboration Suite
Version 9.0.0 p20
Zimbra Collaboration Suite
Version 9.0.0 p21
Zimbra Collaboration Suite
Version 9.0.0 p22
Zimbra Collaboration Suite
Version 9.0.0 p23
Zimbra Collaboration Suite
Version 9.0.0 p24.1
Zimbra Collaboration Suite
Version 9.0.0 p24
Zimbra Collaboration Suite
Version 9.0.0 p25
Zimbra Collaboration Suite
Version 9.0.0 p26
Zimbra Collaboration Suite
Version 9.0.0 p27
Zimbra Collaboration Suite
Version 9.0.0 p28
Zimbra Collaboration Suite
Version 9.0.0 p29
Zimbra Collaboration Suite
Version 9.0.0 p2
Zimbra Collaboration Suite
Version 9.0.0 p30
Zimbra Collaboration Suite
Version 9.0.0 p31
Zimbra Collaboration Suite
Version 9.0.0 p32
Zimbra Collaboration Suite
Version 9.0.0 p33
Zimbra Collaboration Suite
Version 9.0.0 p34
Zimbra Collaboration Suite
Version 9.0.0 p35
Zimbra Collaboration Suite
Version 9.0.0 p36
Zimbra Collaboration Suite
Version 9.0.0 p37
Zimbra Collaboration Suite
Version 9.0.0 p38
Zimbra Collaboration Suite
Version 9.0.0 p39
Zimbra Collaboration Suite
Version 9.0.0 p3
Zimbra Collaboration Suite
Version 9.0.0 p40
Zimbra Collaboration Suite
Version 9.0.0 p4
Zimbra Collaboration Suite
Version 9.0.0 p5
Zimbra Collaboration Suite
Version 9.0.0 p6
Zimbra Collaboration Suite
Version 9.0.0 p7
Zimbra Collaboration Suite
Version 9.0.0 p8
Zimbra Collaboration Suite
Version 9.0.0 p9

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (5)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Release Notes
Source: cve@mitre.org
Release Notes
Source: cve@mitre.org
Release Notes
Source: cve@mitre.org
Product

Timeline

No history available yet.