Versio.io

CVE-2022-24682

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 09-02-2022 05:15
Last modified: - 11-02-2022 06:23
Total changes: - 2

Description

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Low
Attack complexity
Network
Attack vector
None
Availability
Low
Confidentiality
Low
Integrity
None
Privileges required
Changed
Scope
Required
User interaction
6.1
Base score
2.8
2.7
Exploitability score
Impact score
 

Verification logic

OR
vendor=zimbra AND product=collaboration AND versionStartIncluding=8.8 AND versionEndExcluding=8.8.15
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=-
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p1
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p10
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p11
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p12
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p13
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p14
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p15
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p16
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p17
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p18
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p19
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p2
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p20
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p21
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p22
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p23
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p24
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p25
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p26
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p27
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p28
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p29
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p3
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p4
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p5
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p6
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p7
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p8
vendor=zimbra AND product=collaboration AND version=8.8.15 AND update=p9
 

Reference

 


Keywords

NVD

 

CVE-2022-24682

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.