CVE-2024-45194

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Nov 21, 2024
CWE ID 79

Summary

CVE-2024-45194 is a stored cross-site scripting (XSS) vulnerability affecting Zimbra Collaboration (ZCS) versions 9.0 and 10.0. It allows an attacker with administrative access to the Zimbra Administration Panel to inject malicious JavaScript code while configuring an email account. The injected code is stored on the server and executed in the victim's browser when the victim interacts with specific web interface elements. This XSS flaw can be exploited to gain unauthorized access to user sessions or steal sensitive data. Administrators can mitigate this vulnerability by ensuring proper input sanitization to prevent code injection.

Affected Products

  • Zimbra Collaboration Suite

Affected Vendors

  • Zimbra