CVE-2024-45513

CVSS 3.1 Score 4.8 of 10 (medium)

Details

Published Nov 21, 2024
CWE ID 79

Summary

CVE-2024-45513 is a stored Cross-Site Scripting (XSS) vulnerability affecting Zimbra Collaboration (ZCS) versions up to 10.1. This issue is located in the /modern/contacts/print endpoint of Zimbra webmail. An attacker can exploit this vulnerability by crafting a malicious vCard (VCF) file. Upon processing and printing this file, the victim's browser is injected with arbitrary JavaScript code, which could result in unauthorized actions within the victim's Zimbra session.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Zimbra Collaboration Suite

Affected Vendors

  • Zimbra