CVE-2024-45514
21.11.2024, 16:15
An issue was discovered in Zimbra Collaboration (ZCS) through v10.1. A Cross-Site Scripting (XSS) vulnerability exists in one of the endpoints of Zimbra Webmail due to insufficient sanitization of the packages parameter. Attackers can bypass the existing checks by using encoded characters, allowing the injection and execution of arbitrary JavaScript within a victim's session.
| Vendor | Product | Version |
|---|---|---|
| synacor | zimbra_collaboration_suite | 𝑥 < 8.8.15 |
| synacor | zimbra_collaboration_suite | 10.0.0 ≤ 𝑥 < 10.0.9 |
| synacor | zimbra_collaboration_suite | 8.8.15 |
| synacor | zimbra_collaboration_suite | 8.8.15:p1 |
| synacor | zimbra_collaboration_suite | 8.8.15:p10 |
| synacor | zimbra_collaboration_suite | 8.8.15:p11 |
| synacor | zimbra_collaboration_suite | 8.8.15:p12 |
| synacor | zimbra_collaboration_suite | 8.8.15:p13 |
| synacor | zimbra_collaboration_suite | 8.8.15:p14 |
| synacor | zimbra_collaboration_suite | 8.8.15:p15 |
| synacor | zimbra_collaboration_suite | 8.8.15:p16 |
| synacor | zimbra_collaboration_suite | 8.8.15:p17 |
| synacor | zimbra_collaboration_suite | 8.8.15:p18 |
| synacor | zimbra_collaboration_suite | 8.8.15:p19 |
| synacor | zimbra_collaboration_suite | 8.8.15:p2 |
| synacor | zimbra_collaboration_suite | 8.8.15:p20 |
| synacor | zimbra_collaboration_suite | 8.8.15:p21 |
| synacor | zimbra_collaboration_suite | 8.8.15:p22 |
| synacor | zimbra_collaboration_suite | 8.8.15:p23 |
| synacor | zimbra_collaboration_suite | 8.8.15:p24 |
| synacor | zimbra_collaboration_suite | 8.8.15:p25 |
| synacor | zimbra_collaboration_suite | 8.8.15:p26 |
| synacor | zimbra_collaboration_suite | 8.8.15:p27 |
| synacor | zimbra_collaboration_suite | 8.8.15:p28 |
| synacor | zimbra_collaboration_suite | 8.8.15:p29 |
| synacor | zimbra_collaboration_suite | 8.8.15:p3 |
| synacor | zimbra_collaboration_suite | 8.8.15:p30 |
| synacor | zimbra_collaboration_suite | 8.8.15:p31 |
| synacor | zimbra_collaboration_suite | 8.8.15:p31.1 |
| synacor | zimbra_collaboration_suite | 8.8.15:p32 |
| synacor | zimbra_collaboration_suite | 8.8.15:p33 |
| synacor | zimbra_collaboration_suite | 8.8.15:p34 |
| synacor | zimbra_collaboration_suite | 8.8.15:p35 |
| synacor | zimbra_collaboration_suite | 8.8.15:p36 |
| synacor | zimbra_collaboration_suite | 8.8.15:p37 |
| synacor | zimbra_collaboration_suite | 8.8.15:p38 |
| synacor | zimbra_collaboration_suite | 8.8.15:p39 |
| synacor | zimbra_collaboration_suite | 8.8.15:p4 |
| synacor | zimbra_collaboration_suite | 8.8.15:p40 |
| synacor | zimbra_collaboration_suite | 8.8.15:p41 |
| synacor | zimbra_collaboration_suite | 8.8.15:p42 |
| synacor | zimbra_collaboration_suite | 8.8.15:p43 |
| synacor | zimbra_collaboration_suite | 8.8.15:p44 |
| synacor | zimbra_collaboration_suite | 8.8.15:p45 |
| synacor | zimbra_collaboration_suite | 8.8.15:p5 |
| synacor | zimbra_collaboration_suite | 8.8.15:p6 |
| synacor | zimbra_collaboration_suite | 8.8.15:p7 |
| synacor | zimbra_collaboration_suite | 8.8.15:p8 |
| synacor | zimbra_collaboration_suite | 8.8.15:p9 |
| synacor | zimbra_collaboration_suite | 9.0.0 |
| synacor | zimbra_collaboration_suite | 9.0.0:p1 |
| synacor | zimbra_collaboration_suite | 9.0.0:p10 |
| synacor | zimbra_collaboration_suite | 9.0.0:p11 |
| synacor | zimbra_collaboration_suite | 9.0.0:p12 |
| synacor | zimbra_collaboration_suite | 9.0.0:p13 |
| synacor | zimbra_collaboration_suite | 9.0.0:p14 |
| synacor | zimbra_collaboration_suite | 9.0.0:p15 |
| synacor | zimbra_collaboration_suite | 9.0.0:p16 |
| synacor | zimbra_collaboration_suite | 9.0.0:p17 |
| synacor | zimbra_collaboration_suite | 9.0.0:p18 |
| synacor | zimbra_collaboration_suite | 9.0.0:p19 |
| synacor | zimbra_collaboration_suite | 9.0.0:p2 |
| synacor | zimbra_collaboration_suite | 9.0.0:p20 |
| synacor | zimbra_collaboration_suite | 9.0.0:p21 |
| synacor | zimbra_collaboration_suite | 9.0.0:p22 |
| synacor | zimbra_collaboration_suite | 9.0.0:p23 |
| synacor | zimbra_collaboration_suite | 9.0.0:p24 |
| synacor | zimbra_collaboration_suite | 9.0.0:p24.1 |
| synacor | zimbra_collaboration_suite | 9.0.0:p25 |
| synacor | zimbra_collaboration_suite | 9.0.0:p26 |
| synacor | zimbra_collaboration_suite | 9.0.0:p27 |
| synacor | zimbra_collaboration_suite | 9.0.0:p28 |
| synacor | zimbra_collaboration_suite | 9.0.0:p29 |
| synacor | zimbra_collaboration_suite | 9.0.0:p3 |
| synacor | zimbra_collaboration_suite | 9.0.0:p30 |
| synacor | zimbra_collaboration_suite | 9.0.0:p31 |
| synacor | zimbra_collaboration_suite | 9.0.0:p32 |
| synacor | zimbra_collaboration_suite | 9.0.0:p33 |
| synacor | zimbra_collaboration_suite | 9.0.0:p34 |
| synacor | zimbra_collaboration_suite | 9.0.0:p35 |
| synacor | zimbra_collaboration_suite | 9.0.0:p36 |
| synacor | zimbra_collaboration_suite | 9.0.0:p37 |
| synacor | zimbra_collaboration_suite | 9.0.0:p38 |
| synacor | zimbra_collaboration_suite | 9.0.0:p39 |
| synacor | zimbra_collaboration_suite | 9.0.0:p4 |
| synacor | zimbra_collaboration_suite | 9.0.0:p40 |
| synacor | zimbra_collaboration_suite | 9.0.0:p5 |
| synacor | zimbra_collaboration_suite | 9.0.0:p6 |
| synacor | zimbra_collaboration_suite | 9.0.0:p7 |
| synacor | zimbra_collaboration_suite | 9.0.0:p8 |
| synacor | zimbra_collaboration_suite | 9.0.0:p9 |
| synacor | zimbra_collaboration_suite | 10.1.0 |
𝑥
= Vulnerable software versions
References