CVE-2024-45194

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-45194

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45194.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-45194

Published

2024-11-21T17:15:15Z

Modified

2025-06-12T04:06:03.564346Z

Summary

[none]

Details

In Zimbra Collaboration (ZCS) 9.0 and 10.0, a vulnerability in the Webmail Modern UI allows execution of stored Cross-Site Scripting (XSS) payloads. An attacker with administrative access to the Zimbra Administration Panel can inject malicious JavaScript code while configuring an email account. This injected code is stored on the server and executed in the context of the victim's browser when interacting with specific elements in the web interface. (The vulnerability can be mitigated by properly sanitizing input parameters to prevent the injection of malicious code.)

References

Affected packages

Git / github.com/zimbra/zm-build

Affected ranges

Type: GIT
Repo: https://github.com/zimbra/zm-build
Events: Introduced

b68c7b31a1d94f94903a79c53f1bd316b792de1d

Fixed

2c67cbdfaebf6a71928749b7146f4852876b63ff

Type: GIT
Repo: https://github.com/zimbra/zm-mailbox
Events: Introduced

8033bd1ec9d7211c2eb5fa71aeb3b4073a8dc160

Fixed

a28371d6e77de652833e208a1c9d074f94ce36b4

Type: GIT
Repo: https://github.com/zimbra/zm-zcs-lib
Events: Introduced

e94be3228495cb215d7bb70d6ae24bc8a42cc01f

Fixed

74ca4ff049d001731d7e1a22f667e32ad9a672e1

Affected versions

10.*

10.0.0-GA

10.0.1

10.0.2

10.0.4

10.0.5

10.0.6

10.0.7

10.0.8