fkie_cve-2024-45516
Vulnerability from fkie_nvd
Published
2025-05-14 20:15
Modified
2025-06-11 21:20
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Patch 43, 10.0.x before 10.0.12, 10.1.x before 10.1.4, and 8.8.15 before Patch 47. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, including malformed <img> tags with embedded JavaScript. The vulnerability is triggered when a user views a specially crafted email in the Classic UI, requiring no additional user interaction.
References
cve@mitre.orghttps://wiki.zimbra.com/wiki/Security_CenterVendor Advisory
cve@mitre.orghttps://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.4#Security_FixesRelease Notes
cve@mitre.orghttps://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_PolicyProduct
cve@mitre.orghttps://wiki.zimbra.com/wiki/Zimbra_Security_AdvisoriesVendor Advisory
Impacted products
Vendor Product Version
synacor zimbra_collaboration_suite *
synacor zimbra_collaboration_suite *
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 8.8.15
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0
synacor zimbra_collaboration_suite 9.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E603BD7A-730E-410C-BBE1-3E5A8DD2A72F",
              "versionEndExcluding": "10.0.12",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "55361360-9F77-4731-82AD-82E65E4C5AA0",
              "versionEndExcluding": "10.1.4",
              "versionStartIncluding": "10.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:-:*:*:*:*:*:*",
              "matchCriteriaId": "9E39A855-C0EB-4448-AE96-177757C40C66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p1:*:*:*:*:*:*",
              "matchCriteriaId": "FFE7BE6E-7A9A-40C7-B236-7A21103E9F41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p10:*:*:*:*:*:*",
              "matchCriteriaId": "B5924FFC-BA19-48B3-BF4D-0C2DB3FCD407",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p11:*:*:*:*:*:*",
              "matchCriteriaId": "7822D273-C2CB-4EFE-B929-3D34C65E005E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p12:*:*:*:*:*:*",
              "matchCriteriaId": "F81528E8-FE3A-4C48-A747-34A3FF28BCAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p13:*:*:*:*:*:*",
              "matchCriteriaId": "D772D4BA-9ED6-492C-A0D3-0AF4F3D49037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p14:*:*:*:*:*:*",
              "matchCriteriaId": "C2A468FE-B59B-4CE9-B9B2-C836EEAFA3E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p15:*:*:*:*:*:*",
              "matchCriteriaId": "04BECDE0-F082-49FB-ACA2-5C808902AA17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p16:*:*:*:*:*:*",
              "matchCriteriaId": "56558FD4-4391-4199-BA6B-B53F5DC30144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p17:*:*:*:*:*:*",
              "matchCriteriaId": "69A530D3-B84E-427B-BC92-64BBFEF331BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p18:*:*:*:*:*:*",
              "matchCriteriaId": "3C0DCE7F-85A4-44C6-88C8-380B0BBBFA7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p19:*:*:*:*:*:*",
              "matchCriteriaId": "180AF8B6-55AE-460C-B613-37FB697B5325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p2:*:*:*:*:*:*",
              "matchCriteriaId": "6FCB5528-70FD-4525-A78B-D5537609331A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p20:*:*:*:*:*:*",
              "matchCriteriaId": "34B07279-A26A-4EB1-8B33-885AD854018B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p21:*:*:*:*:*:*",
              "matchCriteriaId": "97402ADA-AB05-4A92-920D-EA5363424FDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p22:*:*:*:*:*:*",
              "matchCriteriaId": "697A1D34-FF0C-4F9E-8E91-34404A366D70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p23:*:*:*:*:*:*",
              "matchCriteriaId": "9030D096-87A1-4AFF-BB7C-CE71990005B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p24:*:*:*:*:*:*",
              "matchCriteriaId": "F211A8B1-E33E-49BE-9C18-31B1902EB4FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p25:*:*:*:*:*:*",
              "matchCriteriaId": "4152CEA2-9DC1-4567-BAB3-9C36F74F77EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p26:*:*:*:*:*:*",
              "matchCriteriaId": "9BC02B35-7FC4-41AB-8D2E-2CD1896D84C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p27:*:*:*:*:*:*",
              "matchCriteriaId": "0294CB8B-B0AF-4A5C-B6B2-33F5BFFFBD4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p28:*:*:*:*:*:*",
              "matchCriteriaId": "968A75B4-6D23-4B83-A8B5-777D8F151E04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p29:*:*:*:*:*:*",
              "matchCriteriaId": "5E11BC24-56A3-4CAB-B0B2-D2430CD80767",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p3:*:*:*:*:*:*",
              "matchCriteriaId": "EF2EE32D-04A5-46EA-92F0-3C8D74A4B82A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p30:*:*:*:*:*:*",
              "matchCriteriaId": "50FB0099-0495-4735-9398-7F7E657F459B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p31:*:*:*:*:*:*",
              "matchCriteriaId": "FAE2858A-6D9E-4D79-AFA6-69C44D6D8C75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p31.1:*:*:*:*:*:*",
              "matchCriteriaId": "5C1D9EB8-E3FE-4BF3-8517-603BA4B126C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p32:*:*:*:*:*:*",
              "matchCriteriaId": "50A296BC-6DA4-41B2-923A-0633566AD6C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p33:*:*:*:*:*:*",
              "matchCriteriaId": "C066ED38-1175-48FB-BE05-BE0C19E9EBE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p34:*:*:*:*:*:*",
              "matchCriteriaId": "89B3EF32-B474-44DB-AE30-CD308CDC5A77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p35:*:*:*:*:*:*",
              "matchCriteriaId": "A9ECCB00-F3F4-4EB7-9FD0-4CB64678B129",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p36:*:*:*:*:*:*",
              "matchCriteriaId": "37739F7A-490F-42A8-B97D-D09A3EDB85DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p37:*:*:*:*:*:*",
              "matchCriteriaId": "518662DA-C0F3-4875-86D7-5ED2B2496CC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p38:*:*:*:*:*:*",
              "matchCriteriaId": "64B28BE5-F35D-4AB0-A321-CEAE21BC26FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p39:*:*:*:*:*:*",
              "matchCriteriaId": "9DFBABD6-70F2-4E3B-A9C0-82DE76D48542",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p4:*:*:*:*:*:*",
              "matchCriteriaId": "BB3C28CA-4C22-423E-B1C7-CBAFBB91F4DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p40:*:*:*:*:*:*",
              "matchCriteriaId": "0D2D6DBD-560A-4F8E-B2CC-67A564C460A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p41:*:*:*:*:*:*",
              "matchCriteriaId": "BFBC20F8-7F50-4D9D-8442-3397DED4B18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p42:*:*:*:*:*:*",
              "matchCriteriaId": "D175FCA2-F902-4470-BFF6-5EC2F31BB06D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p43:*:*:*:*:*:*",
              "matchCriteriaId": "5516ED19-5648-4BC8-A9C2-6EE41B1794C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p44:*:*:*:*:*:*",
              "matchCriteriaId": "28D5F229-EE33-42C4-A26D-23BC760720A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p45:*:*:*:*:*:*",
              "matchCriteriaId": "A00BE897-F462-4193-BF51-4381B04C076B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p46:*:*:*:*:*:*",
              "matchCriteriaId": "8D93DABB-4E8B-4DB4-BCD5-D495933D0223",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p5:*:*:*:*:*:*",
              "matchCriteriaId": "A9A1314A-20C8-42D7-9387-D914999EEAF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p6:*:*:*:*:*:*",
              "matchCriteriaId": "CEF091C5-8DC6-4A41-9E84-F53BE703F71B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p7:*:*:*:*:*:*",
              "matchCriteriaId": "ACD65C28-9716-4073-8613-C4AF12684760",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p8:*:*:*:*:*:*",
              "matchCriteriaId": "2C58AFFF-848F-490D-A95C-03A267C2DC98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p9:*:*:*:*:*:*",
              "matchCriteriaId": "B62DC188-89A8-4AEA-90AE-563F0BBEFC54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "32AFCE22-5ADA-4FF7-A165-5EC12B325DEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p1:*:*:*:*:*:*",
              "matchCriteriaId": "D3577FE6-F1F4-4555-8D27-84D6DE731EA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p10:*:*:*:*:*:*",
              "matchCriteriaId": "931BD98E-1A5F-4634-945B-BDD7D2FAA8B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p11:*:*:*:*:*:*",
              "matchCriteriaId": "2E7C0A57-A887-4D29-B601-4275313F46B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p12:*:*:*:*:*:*",
              "matchCriteriaId": "B7248B91-D136-4DD5-A631-737E4C220A02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p13:*:*:*:*:*:*",
              "matchCriteriaId": "494F6FD4-36ED-4E40-8336-7F077FA80FA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p14:*:*:*:*:*:*",
              "matchCriteriaId": "9DF8C0CE-A71D-4BB1-83FB-1EA5ED77E0C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p15:*:*:*:*:*:*",
              "matchCriteriaId": "E0648498-2EE5-4B68-8360-ED5914285356",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p16:*:*:*:*:*:*",
              "matchCriteriaId": "24282FF8-548B-415B-95CA-1EFD404D21D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p17:*:*:*:*:*:*",
              "matchCriteriaId": "ACFDF2D9-ED72-4969-AA3B-E8D48CB1922D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p18:*:*:*:*:*:*",
              "matchCriteriaId": "2B7D0A8B-7A72-4C1A-85F2-BE336CA47E0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p19:*:*:*:*:*:*",
              "matchCriteriaId": "019AFC34-289E-4A01-B08B-A5807F7F909A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p2:*:*:*:*:*:*",
              "matchCriteriaId": "7E7B3976-DA6F-4285-93E6-2328006F7F4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p20:*:*:*:*:*:*",
              "matchCriteriaId": "062E586F-0E02-45A6-93AD-895048FC2D4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p21:*:*:*:*:*:*",
              "matchCriteriaId": "3EE37BEE-4BDB-4E62-8DE3-98CF74DFBE01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p22:*:*:*:*:*:*",
              "matchCriteriaId": "ADF51BCA-37DD-4642-B201-74A6D1A545FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p23:*:*:*:*:*:*",
              "matchCriteriaId": "39611F3D-A898-4C35-8915-3334CDFB78E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p24:*:*:*:*:*:*",
              "matchCriteriaId": "40AB56B7-7222-4C44-A271-45DFE3673F72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p24.1:*:*:*:*:*:*",
              "matchCriteriaId": "2AE8F501-4528-4F15-AE50-D4F11FB462DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p25:*:*:*:*:*:*",
              "matchCriteriaId": "AB9E054B-7790-4E74-A771-40BF6EC71610",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p26:*:*:*:*:*:*",
              "matchCriteriaId": "DD924E57-C77B-430B-A615-537BB39CEA9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p27:*:*:*:*:*:*",
              "matchCriteriaId": "F43F4AC0-7C82-4CF4-B0C7-3A4C567BC985",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p28:*:*:*:*:*:*",
              "matchCriteriaId": "7991F602-41D7-4377-B888-D66A467EAD67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p29:*:*:*:*:*:*",
              "matchCriteriaId": "2193FCA2-1AE3-497D-B0ED-5B89727410E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p3:*:*:*:*:*:*",
              "matchCriteriaId": "FA310AFA-492D-4A6C-A7F6-740E82CB6E57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p30:*:*:*:*:*:*",
              "matchCriteriaId": "FF95618B-0BFB-403C-83BE-C97879FC866D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p31:*:*:*:*:*:*",
              "matchCriteriaId": "A82346A9-9CC2-4B91-BA2F-A815AAA92A7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p32:*:*:*:*:*:*",
              "matchCriteriaId": "2E800348-E139-418D-910B-7B3A9E1E721C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p33:*:*:*:*:*:*",
              "matchCriteriaId": "C7DE1A7E-573B-42F3-B0A4-D2E676954FE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p34:*:*:*:*:*:*",
              "matchCriteriaId": "E60BC1D0-8552-4E6B-B2C5-96038448C238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p35:*:*:*:*:*:*",
              "matchCriteriaId": "3924251E-13B0-420E-8080-D3312C3D54AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p36:*:*:*:*:*:*",
              "matchCriteriaId": "AEBE75F9-A494-4C78-927A-EA564BDCCE0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p37:*:*:*:*:*:*",
              "matchCriteriaId": "900BECBA-7FDB-4E35-9603-29706FB87BD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p38:*:*:*:*:*:*",
              "matchCriteriaId": "5024FD58-A3ED-43B1-83EF-F4570C2573BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p39:*:*:*:*:*:*",
              "matchCriteriaId": "3CC9D046-4EB4-4608-8AB7-B60AC330A770",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p4:*:*:*:*:*:*",
              "matchCriteriaId": "2AF337B5-B296-449B-8848-7636EC7C46C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p40:*:*:*:*:*:*",
              "matchCriteriaId": "A4535EC5-74D5-41E8-95F1-5C033ADB043E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p41:*:*:*:*:*:*",
              "matchCriteriaId": "408E1BFD-16AA-458C-B040-04870522FEBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p42:*:*:*:*:*:*",
              "matchCriteriaId": "205B2CDC-6423-4FD9-9FD0-847ADEB64003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p5:*:*:*:*:*:*",
              "matchCriteriaId": "52232ACA-C158-48C8-A0DB-7689040CB8FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p6:*:*:*:*:*:*",
              "matchCriteriaId": "3B4D0040-86D0-46C3-8A9A-3DD12138B9ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p7:*:*:*:*:*:*",
              "matchCriteriaId": "D2BB9BC7-078D-4E08-88E4-9432D74CA9BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p8:*:*:*:*:*:*",
              "matchCriteriaId": "F04D4B77-D386-4BC8-8169-9846693F6F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p9:*:*:*:*:*:*",
              "matchCriteriaId": "992370FA-F171-4FB3-9C1C-58AC37038CE4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Patch 43, 10.0.x before 10.0.12, 10.1.x before 10.1.4, and 8.8.15 before Patch 47. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user\u0027s session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, including malformed \u003cimg\u003e tags with embedded JavaScript. The vulnerability is triggered when a user views a specially crafted email in the Classic UI, requiring no additional user interaction."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en Zimbra Collaboration (ZCS) 9.0.0 (anterior al parche 43), 10.0.x (anterior a la versi\u00f3n 10.0.12), 10.1.x (anterior a la versi\u00f3n 10.1.4) y 8.8.15 (anterior al parche 47). Una vulnerabilidad de Cross-Site Scripting (XSS) en la interfaz cl\u00e1sica de Zimbra permite a los atacantes ejecutar JavaScript arbitrario en la sesi\u00f3n de la v\u00edctima, lo que podr\u00eda provocar acceso no autorizado a informaci\u00f3n confidencial. Este problema se debe a una limpieza insuficiente del contenido HTML, incluyendo etiquetas  malformadas con JavaScript incrustado. La vulnerabilidad se activa cuando la v\u00edctima visualiza un correo electr\u00f3nico especialmente manipulado en la interfaz cl\u00e1sica, lo que provoca la ejecuci\u00f3n del script malicioso. No se requiere ninguna otra interacci\u00f3n del usuario m\u00e1s all\u00e1 de visualizar el correo electr\u00f3nico."
    }
  ],
  "id": "CVE-2024-45516",
  "lastModified": "2025-06-11T21:20:29.063",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-05-14T20:15:20.857",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.zimbra.com/wiki/Security_Center"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.4#Security_Fixes"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.