CVE-2024-45194
CVSS 3.1 Score 4.8 of 10 (medium)
Details
Summary
CVE-2024-45194 is a stored cross-site scripting (XSS) vulnerability affecting Zimbra Collaboration (ZCS) versions 9.0 and 10.0. It permits an attacker with administrative access to the Zimbra Administration Panel to inject malicious JavaScript code while configuring an email account. The injected code is stored on the server and executed in the victim's browser when the victim interacts with specific web interface elements. The flaw can be exploited to gain unauthorized access to user sessions or steal sensitive data. Administrators can mitigate this vulnerability by ensuring proper input sanitization to prevent code injection.
Affected Products
- Zimbra Collaboration Suite
Affected Vendors
- Zimbra