Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.1
CVSSv3

CVE-2022-24682

Published: 09/02/2022 Updated: 08/08/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Zimbra

Vulnerability Summary

An issue exists in the Calendar feature in Zimbra Collaboration Suite 8.8.x prior to 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

zimbra collaboration 8.8.15

zimbra collaboration

Github Repositories

https://github.com/v-p-b/xss-reflections

Reflections on Reflected XSS

Reflections on Reflected XSS This repository tracks real-world incidents where reflected XSS was exploited PR's welcome! Reflected XSS is among the most prevalent vulnerability classes discovered during web application security testing (penetration testing, code analysis, etc), but despite it prevalence, expolitaion of such vulnerabilities in real-world incidents seem to

Recent Articles

If you haven't patched Zimbra holes by now, assume you're toast
The Register • Jessica Lyons Hardcastle • 01 Jan 1970

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Here's how to detect an intrusion via vulnerable email systems How do you choose a Cloud Security Provider?

Organizations that didn't immediately patch their Zimbra email systems should assume miscreants have already found and exploited the bugs, and should start hunting for malicious activity across IT networks, according to Uncle Sam. In a security alert updated on Monday, the US government's Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned that cybercriminals are actively exploiting five vulnerabilities in the Zimbr...

Read more...

References

CWE-116https://wiki.zimbra.com/wiki/Zimbra_Security_Advisorieshttps://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/https://wiki.zimbra.com/wiki/Security_Centerhttps://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30https://nvd.nist.govhttps://github.com/v-p-b/xss-reflectionshttps://www.theregister.co.uk/2022/08/23/cisa_zimbra_signatures/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserializationCVE-2024-4040cross-site scriptingCVE-2023-25790CVE-2024-2961XML external entityCVE-2024-26926CVE-2024-32806CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook