{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-45514", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-21T18:11:27.957Z", "dateReserved": "2024-09-01T00:00:00", "datePublished": "2024-11-21T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-11-21T16:08:10.216818"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Zimbra Collaboration (ZCS) through v10.1. A Cross-Site Scripting (XSS) vulnerability exists in one of the endpoints of Zimbra Webmail due to insufficient sanitization of the packages parameter. Attackers can bypass the existing checks by using encoded characters, allowing the injection and execution of arbitrary JavaScript within a victim's session."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-45514", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-21T18:05:16.317032Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-21T18:11:27.957Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-45514", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-21T18:05:16.317032Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-21T18:05:17.555Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Zimbra Collaboration (ZCS) through v10.1. A Cross-Site Scripting (XSS) vulnerability exists in one of the endpoints of Zimbra Webmail due to insufficient sanitization of the packages parameter. Attackers can bypass the existing checks by using encoded characters, allowing the injection and execution of arbitrary JavaScript within a victim's session."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-11-21T16:08:10.216818"}}}, "cveMetadata": {"cveId": "CVE-2024-45514", "state": "PUBLISHED", "dateUpdated": "2024-11-21T18:11:27.957Z", "dateReserved": "2024-09-01T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-11-21T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8BF8662-919E-4A40-917F-FEA0EA73491C", "versionEndExcluding": "8.8.15", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC78301D-6403-496F-A349-1C7BAC37797D", "versionEndExcluding": "10.0.9", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:-:*:*:*:*:*:*", "matchCriteriaId": "9E39A855-C0EB-4448-AE96-177757C40C66", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p1:*:*:*:*:*:*", "matchCriteriaId": "FFE7BE6E-7A9A-40C7-B236-7A21103E9F41", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p10:*:*:*:*:*:*", "matchCriteriaId": "B5924FFC-BA19-48B3-BF4D-0C2DB3FCD407", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p11:*:*:*:*:*:*", "matchCriteriaId": "7822D273-C2CB-4EFE-B929-3D34C65E005E", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p12:*:*:*:*:*:*", "matchCriteriaId": "F81528E8-FE3A-4C48-A747-34A3FF28BCAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p13:*:*:*:*:*:*", "matchCriteriaId": "D772D4BA-9ED6-492C-A0D3-0AF4F3D49037", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p14:*:*:*:*:*:*", "matchCriteriaId": "C2A468FE-B59B-4CE9-B9B2-C836EEAFA3E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p15:*:*:*:*:*:*", "matchCriteriaId": "04BECDE0-F082-49FB-ACA2-5C808902AA17", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p16:*:*:*:*:*:*", "matchCriteriaId": "56558FD4-4391-4199-BA6B-B53F5DC30144", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p17:*:*:*:*:*:*", "matchCriteriaId": "69A530D3-B84E-427B-BC92-64BBFEF331BE", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p18:*:*:*:*:*:*", "matchCriteriaId": "3C0DCE7F-85A4-44C6-88C8-380B0BBBFA7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p19:*:*:*:*:*:*", "matchCriteriaId": "180AF8B6-55AE-460C-B613-37FB697B5325", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p2:*:*:*:*:*:*", "matchCriteriaId": "6FCB5528-70FD-4525-A78B-D5537609331A", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p20:*:*:*:*:*:*", "matchCriteriaId": "34B07279-A26A-4EB1-8B33-885AD854018B", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p21:*:*:*:*:*:*", "matchCriteriaId": "97402ADA-AB05-4A92-920D-EA5363424FDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p22:*:*:*:*:*:*", "matchCriteriaId": "697A1D34-FF0C-4F9E-8E91-34404A366D70", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p23:*:*:*:*:*:*", "matchCriteriaId": "9030D096-87A1-4AFF-BB7C-CE71990005B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p24:*:*:*:*:*:*", "matchCriteriaId": "F211A8B1-E33E-49BE-9C18-31B1902EB4FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p25:*:*:*:*:*:*", "matchCriteriaId": "4152CEA2-9DC1-4567-BAB3-9C36F74F77EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p26:*:*:*:*:*:*", "matchCriteriaId": "9BC02B35-7FC4-41AB-8D2E-2CD1896D84C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p27:*:*:*:*:*:*", "matchCriteriaId": "0294CB8B-B0AF-4A5C-B6B2-33F5BFFFBD4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p28:*:*:*:*:*:*", "matchCriteriaId": "968A75B4-6D23-4B83-A8B5-777D8F151E04", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p29:*:*:*:*:*:*", "matchCriteriaId": "5E11BC24-56A3-4CAB-B0B2-D2430CD80767", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p3:*:*:*:*:*:*", "matchCriteriaId": "EF2EE32D-04A5-46EA-92F0-3C8D74A4B82A", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p30:*:*:*:*:*:*", "matchCriteriaId": "50FB0099-0495-4735-9398-7F7E657F459B", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p31:*:*:*:*:*:*", "matchCriteriaId": "FAE2858A-6D9E-4D79-AFA6-69C44D6D8C75", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p31.1:*:*:*:*:*:*", "matchCriteriaId": "5C1D9EB8-E3FE-4BF3-8517-603BA4B126C2", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p32:*:*:*:*:*:*", "matchCriteriaId": "50A296BC-6DA4-41B2-923A-0633566AD6C1", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p33:*:*:*:*:*:*", "matchCriteriaId": "C066ED38-1175-48FB-BE05-BE0C19E9EBE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p34:*:*:*:*:*:*", "matchCriteriaId": "89B3EF32-B474-44DB-AE30-CD308CDC5A77", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p35:*:*:*:*:*:*", "matchCriteriaId": "A9ECCB00-F3F4-4EB7-9FD0-4CB64678B129", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p36:*:*:*:*:*:*", "matchCriteriaId": "37739F7A-490F-42A8-B97D-D09A3EDB85DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p37:*:*:*:*:*:*", "matchCriteriaId": "518662DA-C0F3-4875-86D7-5ED2B2496CC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p38:*:*:*:*:*:*", "matchCriteriaId": "64B28BE5-F35D-4AB0-A321-CEAE21BC26FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p39:*:*:*:*:*:*", "matchCriteriaId": "9DFBABD6-70F2-4E3B-A9C0-82DE76D48542", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p4:*:*:*:*:*:*", "matchCriteriaId": "BB3C28CA-4C22-423E-B1C7-CBAFBB91F4DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p40:*:*:*:*:*:*", "matchCriteriaId": "0D2D6DBD-560A-4F8E-B2CC-67A564C460A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p41:*:*:*:*:*:*", "matchCriteriaId": "BFBC20F8-7F50-4D9D-8442-3397DED4B18B", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p42:*:*:*:*:*:*", "matchCriteriaId": "D175FCA2-F902-4470-BFF6-5EC2F31BB06D", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p43:*:*:*:*:*:*", "matchCriteriaId": "5516ED19-5648-4BC8-A9C2-6EE41B1794C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p44:*:*:*:*:*:*", "matchCriteriaId": "28D5F229-EE33-42C4-A26D-23BC760720A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p45:*:*:*:*:*:*", "matchCriteriaId": "A00BE897-F462-4193-BF51-4381B04C076B", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p5:*:*:*:*:*:*", "matchCriteriaId": "A9A1314A-20C8-42D7-9387-D914999EEAF6", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p6:*:*:*:*:*:*", "matchCriteriaId": "CEF091C5-8DC6-4A41-9E84-F53BE703F71B", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p7:*:*:*:*:*:*", "matchCriteriaId": "ACD65C28-9716-4073-8613-C4AF12684760", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p8:*:*:*:*:*:*", "matchCriteriaId": "2C58AFFF-848F-490D-A95C-03A267C2DC98", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p9:*:*:*:*:*:*", "matchCriteriaId": "B62DC188-89A8-4AEA-90AE-563F0BBEFC54", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "32AFCE22-5ADA-4FF7-A165-5EC12B325DEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p1:*:*:*:*:*:*", "matchCriteriaId": "D3577FE6-F1F4-4555-8D27-84D6DE731EA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p10:*:*:*:*:*:*", "matchCriteriaId": "931BD98E-1A5F-4634-945B-BDD7D2FAA8B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p11:*:*:*:*:*:*", "matchCriteriaId": "2E7C0A57-A887-4D29-B601-4275313F46B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p12:*:*:*:*:*:*", "matchCriteriaId": "B7248B91-D136-4DD5-A631-737E4C220A02", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p13:*:*:*:*:*:*", "matchCriteriaId": "494F6FD4-36ED-4E40-8336-7F077FA80FA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p14:*:*:*:*:*:*", "matchCriteriaId": "9DF8C0CE-A71D-4BB1-83FB-1EA5ED77E0C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p15:*:*:*:*:*:*", "matchCriteriaId": "E0648498-2EE5-4B68-8360-ED5914285356", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p16:*:*:*:*:*:*", "matchCriteriaId": "24282FF8-548B-415B-95CA-1EFD404D21D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p17:*:*:*:*:*:*", "matchCriteriaId": "ACFDF2D9-ED72-4969-AA3B-E8D48CB1922D", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p18:*:*:*:*:*:*", "matchCriteriaId": "2B7D0A8B-7A72-4C1A-85F2-BE336CA47E0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p19:*:*:*:*:*:*", "matchCriteriaId": "019AFC34-289E-4A01-B08B-A5807F7F909A", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p2:*:*:*:*:*:*", "matchCriteriaId": "7E7B3976-DA6F-4285-93E6-2328006F7F4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p20:*:*:*:*:*:*", "matchCriteriaId": "062E586F-0E02-45A6-93AD-895048FC2D4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p21:*:*:*:*:*:*", "matchCriteriaId": "3EE37BEE-4BDB-4E62-8DE3-98CF74DFBE01", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p22:*:*:*:*:*:*", "matchCriteriaId": "ADF51BCA-37DD-4642-B201-74A6D1A545FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p23:*:*:*:*:*:*", "matchCriteriaId": "39611F3D-A898-4C35-8915-3334CDFB78E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p24:*:*:*:*:*:*", "matchCriteriaId": "40AB56B7-7222-4C44-A271-45DFE3673F72", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p24.1:*:*:*:*:*:*", "matchCriteriaId": "2AE8F501-4528-4F15-AE50-D4F11FB462DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p25:*:*:*:*:*:*", "matchCriteriaId": "AB9E054B-7790-4E74-A771-40BF6EC71610", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p26:*:*:*:*:*:*", "matchCriteriaId": "DD924E57-C77B-430B-A615-537BB39CEA9C", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p27:*:*:*:*:*:*", "matchCriteriaId": "F43F4AC0-7C82-4CF4-B0C7-3A4C567BC985", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p28:*:*:*:*:*:*", "matchCriteriaId": "7991F602-41D7-4377-B888-D66A467EAD67", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p29:*:*:*:*:*:*", "matchCriteriaId": "2193FCA2-1AE3-497D-B0ED-5B89727410E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p3:*:*:*:*:*:*", "matchCriteriaId": "FA310AFA-492D-4A6C-A7F6-740E82CB6E57", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p30:*:*:*:*:*:*", "matchCriteriaId": "FF95618B-0BFB-403C-83BE-C97879FC866D", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p31:*:*:*:*:*:*", "matchCriteriaId": "A82346A9-9CC2-4B91-BA2F-A815AAA92A7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p32:*:*:*:*:*:*", "matchCriteriaId": "2E800348-E139-418D-910B-7B3A9E1E721C", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p33:*:*:*:*:*:*", "matchCriteriaId": "C7DE1A7E-573B-42F3-B0A4-D2E676954FE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p34:*:*:*:*:*:*", "matchCriteriaId": "E60BC1D0-8552-4E6B-B2C5-96038448C238", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p35:*:*:*:*:*:*", "matchCriteriaId": "3924251E-13B0-420E-8080-D3312C3D54AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p36:*:*:*:*:*:*", "matchCriteriaId": "AEBE75F9-A494-4C78-927A-EA564BDCCE0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p37:*:*:*:*:*:*", "matchCriteriaId": "900BECBA-7FDB-4E35-9603-29706FB87BD2", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p38:*:*:*:*:*:*", "matchCriteriaId": "5024FD58-A3ED-43B1-83EF-F4570C2573BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p39:*:*:*:*:*:*", "matchCriteriaId": "3CC9D046-4EB4-4608-8AB7-B60AC330A770", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p4:*:*:*:*:*:*", "matchCriteriaId": "2AF337B5-B296-449B-8848-7636EC7C46C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p40:*:*:*:*:*:*", "matchCriteriaId": "A4535EC5-74D5-41E8-95F1-5C033ADB043E", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p5:*:*:*:*:*:*", "matchCriteriaId": "52232ACA-C158-48C8-A0DB-7689040CB8FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p6:*:*:*:*:*:*", "matchCriteriaId": "3B4D0040-86D0-46C3-8A9A-3DD12138B9ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p7:*:*:*:*:*:*", "matchCriteriaId": "D2BB9BC7-078D-4E08-88E4-9432D74CA9BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p8:*:*:*:*:*:*", "matchCriteriaId": "F04D4B77-D386-4BC8-8169-9846693F6F11", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p9:*:*:*:*:*:*", "matchCriteriaId": "992370FA-F171-4FB3-9C1C-58AC37038CE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C936B30B-C717-442B-8656-CF9EE3FC7C10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Zimbra Collaboration (ZCS) through v10.1. A Cross-Site Scripting (XSS) vulnerability exists in one of the endpoints of Zimbra Webmail due to insufficient sanitization of the packages parameter. Attackers can bypass the existing checks by using encoded characters, allowing the injection and execution of arbitrary JavaScript within a victim's session."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Zimbra Collaboration (ZCS) hasta la versi\u00f3n v10.1. Existe una vulnerabilidad de cross site scripting (XSS) en uno de los endpoints de Zimbra Webmail debido a una desinfecci\u00f3n insuficiente del par\u00e1metro packages. Los atacantes pueden eludir las comprobaciones existentes mediante el uso de caracteres codificados, lo que permite la inyecci\u00f3n y ejecuci\u00f3n de JavaScript arbitrario dentro de la sesi\u00f3n de una v\u00edctima."}], "id": "CVE-2024-45514", "lastModified": "2025-06-11T21:17:14.553", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-11-21T16:15:25.820", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}