CVE-2024-45513

An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A stored Cross-Site Scripting (XSS) vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code in the context of the victim's browser when a crafted vCard (VCF) file is processed and printed. This could lead to unauthorized actions within the victim's session.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CISA-ADPADP
4.8 MEDIUM
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
synacorzimbra_collaboration_suite
𝑥
< 9.0.0
synacorzimbra_collaboration_suite
10.0.0 ≤
𝑥
< 10.0.9
synacorzimbra_collaboration_suite
9.0.0
synacorzimbra_collaboration_suite
9.0.0:p1
synacorzimbra_collaboration_suite
9.0.0:p10
synacorzimbra_collaboration_suite
9.0.0:p11
synacorzimbra_collaboration_suite
9.0.0:p12
synacorzimbra_collaboration_suite
9.0.0:p13
synacorzimbra_collaboration_suite
9.0.0:p14
synacorzimbra_collaboration_suite
9.0.0:p15
synacorzimbra_collaboration_suite
9.0.0:p16
synacorzimbra_collaboration_suite
9.0.0:p17
synacorzimbra_collaboration_suite
9.0.0:p18
synacorzimbra_collaboration_suite
9.0.0:p19
synacorzimbra_collaboration_suite
9.0.0:p2
synacorzimbra_collaboration_suite
9.0.0:p20
synacorzimbra_collaboration_suite
9.0.0:p21
synacorzimbra_collaboration_suite
9.0.0:p22
synacorzimbra_collaboration_suite
9.0.0:p23
synacorzimbra_collaboration_suite
9.0.0:p24
synacorzimbra_collaboration_suite
9.0.0:p24.1
synacorzimbra_collaboration_suite
9.0.0:p25
synacorzimbra_collaboration_suite
9.0.0:p26
synacorzimbra_collaboration_suite
9.0.0:p27
synacorzimbra_collaboration_suite
9.0.0:p28
synacorzimbra_collaboration_suite
9.0.0:p29
synacorzimbra_collaboration_suite
9.0.0:p3
synacorzimbra_collaboration_suite
9.0.0:p30
synacorzimbra_collaboration_suite
9.0.0:p31
synacorzimbra_collaboration_suite
9.0.0:p32
synacorzimbra_collaboration_suite
9.0.0:p33
synacorzimbra_collaboration_suite
9.0.0:p34
synacorzimbra_collaboration_suite
9.0.0:p35
synacorzimbra_collaboration_suite
9.0.0:p36
synacorzimbra_collaboration_suite
9.0.0:p37
synacorzimbra_collaboration_suite
9.0.0:p38
synacorzimbra_collaboration_suite
9.0.0:p39
synacorzimbra_collaboration_suite
9.0.0:p4
synacorzimbra_collaboration_suite
9.0.0:p40
synacorzimbra_collaboration_suite
9.0.0:p5
synacorzimbra_collaboration_suite
9.0.0:p6
synacorzimbra_collaboration_suite
9.0.0:p7
synacorzimbra_collaboration_suite
9.0.0:p8
synacorzimbra_collaboration_suite
9.0.0:p9
synacorzimbra_collaboration_suite
10.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy