cve-2022-24682
Vulnerability from cvelistv5
Published
2022-02-09 03:19
Modified
2024-08-03 04:20
Severity ?
Summary
An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.
References
cve@mitre.orghttps://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/Vendor Advisory
cve@mitre.orghttps://wiki.zimbra.com/wiki/Security_CenterVendor Advisory
cve@mitre.orghttps://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30Release Notes, Vendor Advisory
cve@mitre.orghttps://wiki.zimbra.com/wiki/Zimbra_Security_AdvisoriesVendor Advisory
cve@mitre.orghttps://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://wiki.zimbra.com/wiki/Security_CenterVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://wiki.zimbra.com/wiki/Zimbra_Security_AdvisoriesVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/Exploit, Third Party Advisory
Impacted products
Vendor Product Version
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog

Date added: 2022-02-25

Due date: 2022-03-11

Required action: Apply updates per vendor instructions.

Used in ransomware: Known

Notes: https://nvd.nist.gov/vuln/detail/CVE-2022-24682

Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:20:50.185Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.zimbra.com/wiki/Security_Center"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-09T03:19:04",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.zimbra.com/wiki/Security_Center"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2022-24682",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
              "refsource": "MISC",
              "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
            },
            {
              "name": "https://wiki.zimbra.com/wiki/Security_Center",
              "refsource": "MISC",
              "url": "https://wiki.zimbra.com/wiki/Security_Center"
            },
            {
              "name": "https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/",
              "refsource": "MISC",
              "url": "https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/"
            },
            {
              "name": "https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/",
              "refsource": "MISC",
              "url": "https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/"
            },
            {
              "name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30",
              "refsource": "MISC",
              "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-24682",
    "datePublished": "2022-02-09T03:19:04",
    "dateReserved": "2022-02-09T00:00:00",
    "dateUpdated": "2024-08-03T04:20:50.185Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2022-24682",
      "cwes": "[\"CWE-79\", \"CWE-116\"]",
      "dateAdded": "2022-02-25",
      "dueDate": "2022-03-11",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2022-24682",
      "product": "Webmail",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Zimbra webmail clients running versions 8.8.15 P29 \u0026 P30 contain a XSS vulnerability that would allow attackers to steal session cookie files.",
      "vendorProject": "Zimbra",
      "vulnerabilityName": "Zimbra Webmail Cross-Site Scripting Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2022-03-11",
      "cisaExploitAdd": "2022-02-25",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Zimbra Webmail Cross-Site Scripting Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.8\", \"versionEndExcluding\": \"8.8.15\", \"matchCriteriaId\": \"9BDCCB43-EBE0-4E5D-B2E1-E346A3694AB9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA48C450-201C-4398-AB65-EF6F95FB0380\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p10:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F759114-CF2D-48BF-8D09-EBE8D1ED1949\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p12:*:*:*:*:*:*\", \"matchCriteriaId\": \"C43634F5-2946-44D2-8A50-B717374A8126\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p13:*:*:*:*:*:*\", \"matchCriteriaId\": \"20315895-5410-4B88-B2D9-E9C5D79A64DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p14:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF405091-A832-4945-87EC-AA525F37DF91\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p15:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9B6FFA8-CFD2-47C6-9475-79210CB9AA84\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p16:*:*:*:*:*:*\", \"matchCriteriaId\": \"964CA714-937C-4FC0-A1E9-07F846C786BD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p17:*:*:*:*:*:*\", \"matchCriteriaId\": \"DAF8F155-1406-46ED-A81F-BCC4CE525F43\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p18:*:*:*:*:*:*\", \"matchCriteriaId\": \"56A8F56B-3457-4C19-B213-3B04FEE8D7A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p19:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4F8D255-3F91-45FF-9133-4023BA688F9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p2:*:*:*:*:*:*\", \"matchCriteriaId\": \"37BC4DF5-D111-4295-94FC-AA8929CDF2A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p20:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9D50108-0404-4791-8057-DB1786D311C8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p21:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2A7E53F-8EAC-4DA9-8EAE-117759EFABEF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p22:*:*:*:*:*:*\", \"matchCriteriaId\": \"858727DB-AE6F-435D-B8FD-6C94C3400E40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p23:*:*:*:*:*:*\", \"matchCriteriaId\": \"3FA6AC95-288C-4ABA-B2A7-47E4134EDC31\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p24:*:*:*:*:*:*\", \"matchCriteriaId\": \"4AA82728-5901-482A-83CF-F883D4B6A8E5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p25:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E762792-542E-43D0-A95A-E7F48F328A28\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DD4641A-EC23-4B1A-8729-9AECD70390AF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p27:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0E3E825-1D1E-4ECD-B306-DD8BDCDD0547\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p28:*:*:*:*:*:*\", \"matchCriteriaId\": \"840F98DC-57F1-4054-A6C1-6E7F0340AC2C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p29:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE2A1305-68B7-4CB7-837F-4EDE2EBED507\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"21768A61-7578-4EEC-A23B-FEC10CAA9EDF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p4:*:*:*:*:*:*\", \"matchCriteriaId\": \"661403E7-1D65-4710-8413-47D74FF65BE4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*\", \"matchCriteriaId\": \"0695D2E0-45B3-493C-BA6D-471B90C0ACC5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p6:*:*:*:*:*:*\", \"matchCriteriaId\": \"714FAFE6-68AE-4304-B040-48BC46F85A2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p7:*:*:*:*:*:*\", \"matchCriteriaId\": \"73FC2D2D-8BBD-4259-8B35-0D9BFA40567B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p8:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB97E9E6-CC4A-458D-B731-6D51130B942C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:zimbra:collaboration:8.8.15:p9:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA688C43-846A-4C4A-AEDB-113D967D3D73\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.\"}, {\"lang\": \"es\", \"value\": \"Se ha detectado un problema en la funcionalidad Calendar en Zimbra Collaboration Suite 8.8.x versiones anteriores a 8.8.15 parche 30 (actualizaci\\u00f3n 1), como es explotado \\\"in the wild\\\" a partir de diciembre 2021. Un atacante podr\\u00eda colocar HTML que contenga JavaScript ejecutable dentro de los atributos de los elementos. Este marcado es convertido en unescaped, causando que el marcado arbitrario sea inyectado en el documento\"}]",
      "id": "CVE-2022-24682",
      "lastModified": "2024-11-21T06:50:51.877",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2022-02-09T04:15:07.400",
      "references": "[{\"url\": \"https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Security_Center\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Security_Center\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-116\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-24682\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-02-09T04:15:07.400\",\"lastModified\":\"2024-11-21T06:50:51.877\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado un problema en la funcionalidad Calendar en Zimbra Collaboration Suite 8.8.x versiones anteriores a 8.8.15 parche 30 (actualizaci\u00f3n 1), como es explotado \\\"in the wild\\\" a partir de diciembre 2021. Un atacante podr\u00eda colocar HTML que contenga JavaScript ejecutable dentro de los atributos de los elementos. Este marcado es convertido en unescaped, causando que el marcado arbitrario sea inyectado en el documento\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"cisaExploitAdd\":\"2022-02-25\",\"cisaActionDue\":\"2022-03-11\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Zimbra Webmail Cross-Site Scripting Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-116\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.8\",\"versionEndExcluding\":\"8.8.15\",\"matchCriteriaId\":\"9BDCCB43-EBE0-4E5D-B2E1-E346A3694AB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA48C450-201C-4398-AB65-EF6F95FB0380\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F759114-CF2D-48BF-8D09-EBE8D1ED1949\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"C43634F5-2946-44D2-8A50-B717374A8126\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"20315895-5410-4B88-B2D9-E9C5D79A64DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p14:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF405091-A832-4945-87EC-AA525F37DF91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p15:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9B6FFA8-CFD2-47C6-9475-79210CB9AA84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p16:*:*:*:*:*:*\",\"matchCriteriaId\":\"964CA714-937C-4FC0-A1E9-07F846C786BD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p17:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAF8F155-1406-46ED-A81F-BCC4CE525F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p18:*:*:*:*:*:*\",\"matchCriteriaId\":\"56A8F56B-3457-4C19-B213-3B04FEE8D7A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p19:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4F8D255-3F91-45FF-9133-4023BA688F9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"37BC4DF5-D111-4295-94FC-AA8929CDF2A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p20:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9D50108-0404-4791-8057-DB1786D311C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p21:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2A7E53F-8EAC-4DA9-8EAE-117759EFABEF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p22:*:*:*:*:*:*\",\"matchCriteriaId\":\"858727DB-AE6F-435D-B8FD-6C94C3400E40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p23:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FA6AC95-288C-4ABA-B2A7-47E4134EDC31\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p24:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AA82728-5901-482A-83CF-F883D4B6A8E5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p25:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E762792-542E-43D0-A95A-E7F48F328A28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DD4641A-EC23-4B1A-8729-9AECD70390AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p27:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0E3E825-1D1E-4ECD-B306-DD8BDCDD0547\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p28:*:*:*:*:*:*\",\"matchCriteriaId\":\"840F98DC-57F1-4054-A6C1-6E7F0340AC2C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p29:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE2A1305-68B7-4CB7-837F-4EDE2EBED507\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"21768A61-7578-4EEC-A23B-FEC10CAA9EDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"661403E7-1D65-4710-8413-47D74FF65BE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"0695D2E0-45B3-493C-BA6D-471B90C0ACC5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"714FAFE6-68AE-4304-B040-48BC46F85A2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"73FC2D2D-8BBD-4259-8B35-0D9BFA40567B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB97E9E6-CC4A-458D-B731-6D51130B942C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:zimbra:collaboration:8.8.15:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA688C43-846A-4C4A-AEDB-113D967D3D73\"}]}]}],\"references\":[{\"url\":\"https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Security_Center\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Security_Center\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.