CVE-2024-50599

Published: Nov 7, 2024Modified: Jun 17, 2025

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Zimbra Collaboration Suite (ZCS) 8.8.15, affecting one of the webmail calendar endpoints. This arises from improper handling of user-supplied input, allowing an attacker to inject malicious code that is reflected back in the HTML response.

Affected (47)

Products: Synacor: Zimbra Collaboration Suite

Synacor

1 product

Zimbra Collaboration Suite

Configuration A

47 vulnerable

Vulnerable Software	Affected Versions
Synacor Zimbra Collaboration Suite	Version 8.8.15
Synacor Zimbra Collaboration Suite	Version 8.8.15 p10
Synacor Zimbra Collaboration Suite	Version 8.8.15 p11
Synacor Zimbra Collaboration Suite	Version 8.8.15 p12
Synacor Zimbra Collaboration Suite	Version 8.8.15 p13
Synacor Zimbra Collaboration Suite	Version 8.8.15 p14
Synacor Zimbra Collaboration Suite	Version 8.8.15 p15
Synacor Zimbra Collaboration Suite	Version 8.8.15 p16
Synacor Zimbra Collaboration Suite	Version 8.8.15 p17
Synacor Zimbra Collaboration Suite	Version 8.8.15 p18
Synacor Zimbra Collaboration Suite	Version 8.8.15 p19
Synacor Zimbra Collaboration Suite	Version 8.8.15 p1
Synacor Zimbra Collaboration Suite	Version 8.8.15 p20
Synacor Zimbra Collaboration Suite	Version 8.8.15 p21
Synacor Zimbra Collaboration Suite	Version 8.8.15 p22
Synacor Zimbra Collaboration Suite	Version 8.8.15 p23
Synacor Zimbra Collaboration Suite	Version 8.8.15 p24
Synacor Zimbra Collaboration Suite	Version 8.8.15 p25
Synacor Zimbra Collaboration Suite	Version 8.8.15 p26
Synacor Zimbra Collaboration Suite	Version 8.8.15 p27
Synacor Zimbra Collaboration Suite	Version 8.8.15 p28
Synacor Zimbra Collaboration Suite	Version 8.8.15 p29
Synacor Zimbra Collaboration Suite	Version 8.8.15 p2
Synacor Zimbra Collaboration Suite	Version 8.8.15 p30
Synacor Zimbra Collaboration Suite	Version 8.8.15 p31.1
Synacor Zimbra Collaboration Suite	Version 8.8.15 p31
Synacor Zimbra Collaboration Suite	Version 8.8.15 p32
Synacor Zimbra Collaboration Suite	Version 8.8.15 p33
Synacor Zimbra Collaboration Suite	Version 8.8.15 p34
Synacor Zimbra Collaboration Suite	Version 8.8.15 p35
Synacor Zimbra Collaboration Suite	Version 8.8.15 p36
Synacor Zimbra Collaboration Suite	Version 8.8.15 p37
Synacor Zimbra Collaboration Suite	Version 8.8.15 p38
Synacor Zimbra Collaboration Suite	Version 8.8.15 p39
Synacor Zimbra Collaboration Suite	Version 8.8.15 p3
Synacor Zimbra Collaboration Suite	Version 8.8.15 p40
Synacor Zimbra Collaboration Suite	Version 8.8.15 p41
Synacor Zimbra Collaboration Suite	Version 8.8.15 p42
Synacor Zimbra Collaboration Suite	Version 8.8.15 p43
Synacor Zimbra Collaboration Suite	Version 8.8.15 p44
Synacor Zimbra Collaboration Suite	Version 8.8.15 p45
Synacor Zimbra Collaboration Suite	Version 8.8.15 p4
Synacor Zimbra Collaboration Suite	Version 8.8.15 p5
Synacor Zimbra Collaboration Suite	Version 8.8.15 p6
Synacor Zimbra Collaboration Suite	Version 8.8.15 p7
Synacor Zimbra Collaboration Suite	Version 8.8.15 p8
Synacor Zimbra Collaboration Suite	Version 8.8.15 p9

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes

Source: cve@mitre.org

Release Notes

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

Source: cve@mitre.org

Vendor Advisory

Timeline

No history available yet.