CVE-2024-27443

KEV

Published: Ago 12, 2024 Last Modified: Ott 31, 2025

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,1

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: required

Scope: changed

Confidentiality: low

Integrity: low

Availability: none

Description

AI Translation Available

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this via an email message containing a crafted calendar header with an embedded XSS payload. When a victim views this message in the Zimbra webmail classic interface, the payload is executed in the context of the victim's session, potentially leading to execution of arbitrary JavaScript code.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,3243

Percentile

1,0th

Updated

EPSS Score Trend (Last 90 Days)

79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Confidentiality Integrity Availability

Potential Impacts:

Bypass Protection Mechanism Read Application Data Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: AI/ML, Web Based, Web Server

Likelihood of Exploit: High

View CWE Details

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p31:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p38:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p20:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version Range Affected

From 10.0.0 (inclusive)

To 10.0.7 (exclusive)

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p35:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p36:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p24:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p21:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p32:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p37:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p33:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p16:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p34:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

Application

Collaboration by Zimbra

Product Information

Vendor Zimbra

Product Collaboration

Version 9.0.0

CPE Identifier

View Detailed Analysis


                  cpe:2.3:a:zimbra:collaboration:9.0.0:p30:*:*:*:*:*:*

Common Platform Enumeration - Standardized vulnerability identification

https://www.cisa.gov/known-exploited-vulnerabilities-catalo…

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024…

https://www.welivesecurity.com/en/eset-research/operation-r…

https://www.welivesecurity.com/en/eset-research/operation-roundpress/

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7#Securit…

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7#Security_Fixes

https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39#Secu…

https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39#Security_Fixes