CVE-2024-45512

{"id": "CVE-2024-45512", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2024-11-21T16:15:25.637", "references": [{"url": "https://wiki.zimbra.com/wiki/Security_Center", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy", "tags": ["Product"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in webmail in Zimbra Collaboration (ZCS) through 10.1. An attacker can exploit this vulnerability by creating a folder in the Briefcase module with a malicious payload and sharing it with a victim. When the victim interacts with the folder share notification, the malicious script executes in their browser. This stored Cross-Site Scripting (XSS) vulnerability can lead to unauthorized actions within the victim's session."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en el correo web en Zimbra Collaboration (ZCS) hasta la versi\u00f3n 10.1. Un atacante puede aprovechar esta vulnerabilidad creando una carpeta en el m\u00f3dulo Briefcase con un payload malicioso y comparti\u00e9ndola con una v\u00edctima. Cuando la v\u00edctima interact\u00faa con la notificaci\u00f3n de uso compartido de carpeta, el script malicioso se ejecuta en su navegador. Esta vulnerabilidad de cross site scripting (XSS) almacenado puede provocar acciones no autorizadas dentro de la sesi\u00f3n de la v\u00edctima."}], "lastModified": "2025-06-11T21:17:07.337", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95359DBD-9E47-43B2-8B26-0C906059E24B", "versionEndExcluding": "9.0.0"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC78301D-6403-496F-A349-1C7BAC37797D", "versionEndExcluding": "10.0.9", "versionStartIncluding": "10.0.0"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32AFCE22-5ADA-4FF7-A165-5EC12B325DEF"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3577FE6-F1F4-4555-8D27-84D6DE731EA3"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "931BD98E-1A5F-4634-945B-BDD7D2FAA8B0"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E7C0A57-A887-4D29-B601-4275313F46B3"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7248B91-D136-4DD5-A631-737E4C220A02"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "494F6FD4-36ED-4E40-8336-7F077FA80FA8"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DF8C0CE-A71D-4BB1-83FB-1EA5ED77E0C9"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0648498-2EE5-4B68-8360-ED5914285356"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24282FF8-548B-415B-95CA-1EFD404D21D3"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACFDF2D9-ED72-4969-AA3B-E8D48CB1922D"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p18:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B7D0A8B-7A72-4C1A-85F2-BE336CA47E0B"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p19:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "019AFC34-289E-4A01-B08B-A5807F7F909A"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E7B3976-DA6F-4285-93E6-2328006F7F4D"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "062E586F-0E02-45A6-93AD-895048FC2D4C"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p21:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EE37BEE-4BDB-4E62-8DE3-98CF74DFBE01"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p22:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ADF51BCA-37DD-4642-B201-74A6D1A545FF"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p23:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39611F3D-A898-4C35-8915-3334CDFB78E5"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p24:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40AB56B7-7222-4C44-A271-45DFE3673F72"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p24.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AE8F501-4528-4F15-AE50-D4F11FB462DE"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB9E054B-7790-4E74-A771-40BF6EC71610"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p26:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD924E57-C77B-430B-A615-537BB39CEA9C"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p27:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F43F4AC0-7C82-4CF4-B0C7-3A4C567BC985"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p28:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7991F602-41D7-4377-B888-D66A467EAD67"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p29:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2193FCA2-1AE3-497D-B0ED-5B89727410E3"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA310AFA-492D-4A6C-A7F6-740E82CB6E57"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p30:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF95618B-0BFB-403C-83BE-C97879FC866D"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p31:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A82346A9-9CC2-4B91-BA2F-A815AAA92A7F"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p32:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E800348-E139-418D-910B-7B3A9E1E721C"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p33:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7DE1A7E-573B-42F3-B0A4-D2E676954FE0"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p34:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E60BC1D0-8552-4E6B-B2C5-96038448C238"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p35:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3924251E-13B0-420E-8080-D3312C3D54AF"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p36:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEBE75F9-A494-4C78-927A-EA564BDCCE0B"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p37:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "900BECBA-7FDB-4E35-9603-29706FB87BD2"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p38:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5024FD58-A3ED-43B1-83EF-F4570C2573BA"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p39:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CC9D046-4EB4-4608-8AB7-B60AC330A770"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AF337B5-B296-449B-8848-7636EC7C46C5"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p40:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4535EC5-74D5-41E8-95F1-5C033ADB043E"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52232ACA-C158-48C8-A0DB-7689040CB8FB"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B4D0040-86D0-46C3-8A9A-3DD12138B9ED"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2BB9BC7-078D-4E08-88E4-9432D74CA9BA"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F04D4B77-D386-4BC8-8169-9846693F6F11"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "992370FA-F171-4FB3-9C1C-58AC37038CE4"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C936B30B-C717-442B-8656-CF9EE3FC7C10"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}