Back

CVE-2024-33536

Aug. 12, 2024, 6:57 p.m.

Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.

Products

Zimbra Collaboration

  • 9.0
  • 10.0

Source

cve@mitre.org

Tags

cve@mitre.org
2024-08-12
CVE-2024-33536

CVE-2024-33536 details

Published : Aug. 12, 2024, 3:15 p.m.
Last Modified : Aug. 12, 2024, 6:57 p.m.

Description

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability occurs due to inadequate input validation of the res parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user's browser session. By uploading a malicious JavaScript file, accessible externally, and crafting a URL containing its location in the res parameter, the attacker can exploit this vulnerability. Subsequently, when another user visits the crafted URL, the malicious JavaScript code is executed.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.8#Security_Fixes cve@mitre.org
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P40#Security_Fixes cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.