CVE-2022-24682 (GCVE-0-2022-24682)
Vulnerability from cvelistv5 – Published: 2022-02-09 03:19 – Updated: 2025-10-21 23:15
VLAI?
CISA
Summary
An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.
Severity ?
6.1 (Medium)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
CISA Known Exploited Vulnerability
Data from the CISA Known Exploited Vulnerabilities Catalog
Date added: 2022-02-25
Due date: 2022-03-11
Required action: Apply updates per vendor instructions.
Used in ransomware: Known
Notes: https://nvd.nist.gov/vuln/detail/CVE-2022-24682
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:20:50.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-24682",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T21:19:33.587330Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-02-25",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24682"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:48.240Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24682"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-02-25T00:00:00+00:00",
"value": "CVE-2022-24682 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-09T03:19:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "MISC",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
},
{
"name": "https://wiki.zimbra.com/wiki/Security_Center",
"refsource": "MISC",
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"name": "https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/",
"refsource": "MISC",
"url": "https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/"
},
{
"name": "https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/",
"refsource": "MISC",
"url": "https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/"
},
{
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30",
"refsource": "MISC",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24682",
"datePublished": "2022-02-09T03:19:04.000Z",
"dateReserved": "2022-02-09T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:48.240Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2022-24682",
"cwes": "[\"CWE-79\", \"CWE-116\"]",
"dateAdded": "2022-02-25",
"dueDate": "2022-03-11",
"knownRansomwareCampaignUse": "Known",
"notes": "https://nvd.nist.gov/vuln/detail/CVE-2022-24682",
"product": "Zimbra Collaborate Suite (ZCS)",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability in the Calendar feature that allows an attacker to execute arbitrary code.",
"vendorProject": "Synacor",
"vulnerabilityName": "Synacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting Vulnerability"
},
"fkie_nvd": {
"cisaActionDue": "2022-03-11",
"cisaExploitAdd": "2022-02-25",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Zimbra Webmail Cross-Site Scripting Vulnerability",
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.8\", \"versionEndExcluding\": \"8.8.15\", \"matchCriteriaId\": \"9BDCCB43-EBE0-4E5D-B2E1-E346A3694AB9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA48C450-201C-4398-AB65-EF6F95FB0380\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p10:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F759114-CF2D-48BF-8D09-EBE8D1ED1949\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p12:*:*:*:*:*:*\", \"matchCriteriaId\": \"C43634F5-2946-44D2-8A50-B717374A8126\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p13:*:*:*:*:*:*\", \"matchCriteriaId\": \"20315895-5410-4B88-B2D9-E9C5D79A64DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p14:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF405091-A832-4945-87EC-AA525F37DF91\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p15:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9B6FFA8-CFD2-47C6-9475-79210CB9AA84\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p16:*:*:*:*:*:*\", \"matchCriteriaId\": \"964CA714-937C-4FC0-A1E9-07F846C786BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p17:*:*:*:*:*:*\", \"matchCriteriaId\": \"DAF8F155-1406-46ED-A81F-BCC4CE525F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p18:*:*:*:*:*:*\", \"matchCriteriaId\": \"56A8F56B-3457-4C19-B213-3B04FEE8D7A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p19:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4F8D255-3F91-45FF-9133-4023BA688F9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p2:*:*:*:*:*:*\", \"matchCriteriaId\": \"37BC4DF5-D111-4295-94FC-AA8929CDF2A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p20:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9D50108-0404-4791-8057-DB1786D311C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p21:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2A7E53F-8EAC-4DA9-8EAE-117759EFABEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p22:*:*:*:*:*:*\", \"matchCriteriaId\": \"858727DB-AE6F-435D-B8FD-6C94C3400E40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p23:*:*:*:*:*:*\", \"matchCriteriaId\": \"3FA6AC95-288C-4ABA-B2A7-47E4134EDC31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p24:*:*:*:*:*:*\", \"matchCriteriaId\": \"4AA82728-5901-482A-83CF-F883D4B6A8E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p25:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E762792-542E-43D0-A95A-E7F48F328A28\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DD4641A-EC23-4B1A-8729-9AECD70390AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p27:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0E3E825-1D1E-4ECD-B306-DD8BDCDD0547\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p28:*:*:*:*:*:*\", \"matchCriteriaId\": \"840F98DC-57F1-4054-A6C1-6E7F0340AC2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p29:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE2A1305-68B7-4CB7-837F-4EDE2EBED507\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"21768A61-7578-4EEC-A23B-FEC10CAA9EDF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p4:*:*:*:*:*:*\", \"matchCriteriaId\": \"661403E7-1D65-4710-8413-47D74FF65BE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*\", \"matchCriteriaId\": \"0695D2E0-45B3-493C-BA6D-471B90C0ACC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p6:*:*:*:*:*:*\", \"matchCriteriaId\": \"714FAFE6-68AE-4304-B040-48BC46F85A2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p7:*:*:*:*:*:*\", \"matchCriteriaId\": \"73FC2D2D-8BBD-4259-8B35-0D9BFA40567B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p8:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB97E9E6-CC4A-458D-B731-6D51130B942C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p9:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA688C43-846A-4C4A-AEDB-113D967D3D73\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.\"}, {\"lang\": \"es\", \"value\": \"Se ha detectado un problema en la funcionalidad Calendar en Zimbra Collaboration Suite 8.8.x versiones anteriores a 8.8.15 parche 30 (actualizaci\\u00f3n 1), como es explotado \\\"in the wild\\\" a partir de diciembre 2021. Un atacante podr\\u00eda colocar HTML que contenga JavaScript ejecutable dentro de los atributos de los elementos. Este marcado es convertido en unescaped, causando que el marcado arbitrario sea inyectado en el documento\"}]",
"id": "CVE-2022-24682",
"lastModified": "2024-11-21T06:50:51.877",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2022-02-09T04:15:07.400",
"references": "[{\"url\": \"https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Security_Center\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Security_Center\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-116\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-24682\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-02-09T04:15:07.400\",\"lastModified\":\"2025-11-04T16:46:49.883\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado un problema en la funcionalidad Calendar en Zimbra Collaboration Suite 8.8.x versiones anteriores a 8.8.15 parche 30 (actualizaci\u00f3n 1), como es explotado \\\"in the wild\\\" a partir de diciembre 2021. Un atacante podr\u00eda colocar HTML que contenga JavaScript ejecutable dentro de los atributos de los elementos. Este marcado es convertido en unescaped, causando que el marcado arbitrario sea inyectado en el documento\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"cisaExploitAdd\":\"2022-02-25\",\"cisaActionDue\":\"2022-03-11\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Synacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-116\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-116\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.8.0\",\"versionEndExcluding\":\"8.8.15\",\"matchCriteriaId\":\"0696BCE7-5351-4B01-9593-BA8BFB2D3A9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E39A855-C0EB-4448-AE96-177757C40C66\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFE7BE6E-7A9A-40C7-B236-7A21103E9F41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5924FFC-BA19-48B3-BF4D-0C2DB3FCD407\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"7822D273-C2CB-4EFE-B929-3D34C65E005E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"F81528E8-FE3A-4C48-A747-34A3FF28BCAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"D772D4BA-9ED6-492C-A0D3-0AF4F3D49037\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p14:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2A468FE-B59B-4CE9-B9B2-C836EEAFA3E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p15:*:*:*:*:*:*\",\"matchCriteriaId\":\"04BECDE0-F082-49FB-ACA2-5C808902AA17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p16:*:*:*:*:*:*\",\"matchCriteriaId\":\"56558FD4-4391-4199-BA6B-B53F5DC30144\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p17:*:*:*:*:*:*\",\"matchCriteriaId\":\"69A530D3-B84E-427B-BC92-64BBFEF331BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p18:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C0DCE7F-85A4-44C6-88C8-380B0BBBFA7E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p19:*:*:*:*:*:*\",\"matchCriteriaId\":\"180AF8B6-55AE-460C-B613-37FB697B5325\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FCB5528-70FD-4525-A78B-D5537609331A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p20:*:*:*:*:*:*\",\"matchCriteriaId\":\"34B07279-A26A-4EB1-8B33-885AD854018B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p21:*:*:*:*:*:*\",\"matchCriteriaId\":\"97402ADA-AB05-4A92-920D-EA5363424FDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p22:*:*:*:*:*:*\",\"matchCriteriaId\":\"697A1D34-FF0C-4F9E-8E91-34404A366D70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p23:*:*:*:*:*:*\",\"matchCriteriaId\":\"9030D096-87A1-4AFF-BB7C-CE71990005B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p24:*:*:*:*:*:*\",\"matchCriteriaId\":\"F211A8B1-E33E-49BE-9C18-31B1902EB4FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p25:*:*:*:*:*:*\",\"matchCriteriaId\":\"4152CEA2-9DC1-4567-BAB3-9C36F74F77EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p26:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BC02B35-7FC4-41AB-8D2E-2CD1896D84C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p27:*:*:*:*:*:*\",\"matchCriteriaId\":\"0294CB8B-B0AF-4A5C-B6B2-33F5BFFFBD4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p28:*:*:*:*:*:*\",\"matchCriteriaId\":\"968A75B4-6D23-4B83-A8B5-777D8F151E04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p29:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E11BC24-56A3-4CAB-B0B2-D2430CD80767\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF2EE32D-04A5-46EA-92F0-3C8D74A4B82A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB3C28CA-4C22-423E-B1C7-CBAFBB91F4DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9A1314A-20C8-42D7-9387-D914999EEAF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEF091C5-8DC6-4A41-9E84-F53BE703F71B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACD65C28-9716-4073-8613-C4AF12684760\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C58AFFF-848F-490D-A95C-03A267C2DC98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"B62DC188-89A8-4AEA-90AE-563F0BBEFC54\"}]}]}],\"references\":[{\"url\":\"https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Security_Center\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Security_Center\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24682\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Security_Center\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T04:20:50.185Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-24682\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-29T21:19:33.587330Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-02-25\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24682\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2022-02-25T00:00:00+00:00\", \"value\": \"CVE-2022-24682 added to CISA KEV\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-116\", \"description\": \"CWE-116 Improper Encoding or Escaping of Output\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-29T21:19:00.884Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Security_Center\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2022-02-09T03:19:04.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\", \"name\": \"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\", \"refsource\": \"MISC\"}, {\"url\": \"https://wiki.zimbra.com/wiki/Security_Center\", \"name\": \"https://wiki.zimbra.com/wiki/Security_Center\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/\", \"name\": \"https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/\", \"refsource\": \"MISC\"}, {\"url\": \"https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/\", \"name\": \"https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/\", \"refsource\": \"MISC\"}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30\", \"name\": \"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2022-24682\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-24682\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T18:48:15.354Z\", \"dateReserved\": \"2022-02-09T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2022-02-09T03:19:04.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…