CVE-2024-45513
- Source
- https://cve.org/CVERecord?id=CVE-2024-45513
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45513.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-45513
- Published
- 2024-11-21T17:15:15.793Z
- Modified
- 2026-04-10T05:17:49.078628Z
- Severity
-
- 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A stored Cross-Site Scripting (XSS) vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code in the context of the victim's browser when a crafted vCard (VCF) file is processed and printed. This could lead to unauthorized actions within the victim's session.
- References
-
- https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
- https://wiki.zimbra.com/wiki/Security_Center
- https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes
- https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes
- https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes
Affected packages
Git / github.com/zimbra/zm-build
Affected ranges
- Type
- GIT
- Repo
- https://github.com/zimbra/zm-build
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "9.0.0" }, { "introduced": "10.0.0" }, { "fixed": "10.0.9" }, { "introduced": "0" }, { "last_affected": "9.0.0-NA" }, { "introduced": "0" }, { "last_affected": "9.0.0-p1" }, { "introduced": "0" }, { "last_affected": "9.0.0-p19" }, { "introduced": "0" }, { "last_affected": "9.0.0-p20" }, { "introduced": "0" }, { "last_affected": "9.0.0-p23" }, { "introduced": "0" }, { "last_affected": "9.0.0-p25" }, { "introduced": "0" }, { "last_affected": "9.0.0-p26" }, { "introduced": "0" }, { "last_affected": "9.0.0-p27" }, { "introduced": "0" }, { "last_affected": "9.0.0-p28" }, { "introduced": "0" }, { "last_affected": "9.0.0-p33" }, { "introduced": "0" }, { "last_affected": "9.0.0-p36" }, { "introduced": "0" }, { "last_affected": "9.0.0-p37" }, { "introduced": "0" }, { "last_affected": "9.0.0-p38" }, { "introduced": "0" }, { "last_affected": "9.0.0-p4" }, { "introduced": "0" }, { "last_affected": "9.0.0-p7" }, { "introduced": "0" }, { "last_affected": "10.1.0" } ] }
- Type
- GIT
- Repo
- https://github.com/zimbra/zm-mailbox
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "last_affected": "9.0.0-p10" }, { "introduced": "0" }, { "last_affected": "9.0.0-p11" }, { "introduced": "0" }, { "last_affected": "9.0.0-p13" }, { "introduced": "0" }, { "last_affected": "9.0.0-p14" }, { "introduced": "0" }, { "last_affected": "9.0.0-p16" }, { "introduced": "0" }, { "last_affected": "9.0.0-p17" }, { "introduced": "0" }, { "last_affected": "9.0.0-p18" }, { "introduced": "0" }, { "last_affected": "9.0.0-p2" }, { "introduced": "0" }, { "last_affected": "9.0.0-p22" }, { "introduced": "0" }, { "last_affected": "9.0.0-p24" }, { "introduced": "0" }, { "last_affected": "9.0.0-p24\\.1" }, { "introduced": "0" }, { "last_affected": "9.0.0-p29" }, { "introduced": "0" }, { "last_affected": "9.0.0-p3" }, { "introduced": "0" }, { "last_affected": "9.0.0-p30" }, { "introduced": "0" }, { "last_affected": "9.0.0-p32" }, { "introduced": "0" }, { "last_affected": "9.0.0-p34" }, { "introduced": "0" }, { "last_affected": "9.0.0-p39" }, { "introduced": "0" }, { "last_affected": "9.0.0-p40" }, { "introduced": "0" }, { "last_affected": "9.0.0-p5" }, { "introduced": "0" }, { "last_affected": "9.0.0-p6" }, { "introduced": "0" }, { "last_affected": "9.0.0-p8" }, { "introduced": "0" }, { "last_affected": "9.0.0-p9" } ] }
Affected versions
10.*
10.0.0-GA
10.0.1
10.0.4
10.0.5
10.0.6
10.1.0
8.*
8.7.10
8.7.11
8.7.6
8.7.7
8.7.9
8.8.0.beta1
8.8.10
8.8.12
8.8.2
8.8.3
8.8.4
8.8.5
8.8.6
8.8.7
8.8.8
8.8.9
8.8.9.p1
8.8.9.p3
9.*
9.0.0
9.0.0.U20
9.0.0.p1
9.0.0.p10
9.0.0.p11
9.0.0.p13
9.0.0.p14
9.0.0.p16
9.0.0.p17
9.0.0.p18
9.0.0.p19
9.0.0.p2
9.0.0.p20
9.0.0.p22
9.0.0.p23
9.0.0.p24
9.0.0.p24.1
9.0.0.p25
9.0.0.p26
9.0.0.p27
9.0.0.p28
9.0.0.p29
9.0.0.p3
9.0.0.p30
9.0.0.p32
9.0.0.p33
9.0.0.p34
9.0.0.p36
9.0.0.p37
9.0.0.p38
9.0.0.p39
9.0.0.p4
9.0.0.p40
9.0.0.p5
9.0.0.p6
9.0.0.p7
9.0.0.p7.1
9.0.0.p8
9.0.0.p9
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45513.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p15"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p21"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p31"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0.0-p35"
}
]
}
]