QwikSec

Security Database

CVE

CWE

Training

CVE-2024-45514

Published: Nov 21, 2024

Modified: Nov 21, 2024

PUBLISHED

Description

An issue was discovered in Zimbra Collaboration (ZCS) through v10.1. A Cross-Site Scripting (XSS) vulnerability exists in one of the endpoints of Zimbra Webmail due to insufficient sanitization of the packages parameter. Attackers can bypass the existing checks by using encoded characters, allowing the injection and execution of arbitrary JavaScript within a victim's session.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://wiki.zimbra.com/wiki/Security_Center

https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes

https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes

https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.