CVE-2022-24682

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Feb 9, 2022

Updated: Aug 8, 2023

CWE ID 116

Summary

CVE-2022-24682 is a vulnerability affecting the Calendar feature in Zimbra Collaboration Suite versions 8.8.x before 8.8.15 patch 30 (update 1), which was exploited in the wild since December 2021. Attackers can insert malicious HTML containing executable JavaScript into certain element attributes. The markup goes unescaped, leading to the injection of arbitrary markup into the document, potentially allowing for code execution and security breaches.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Zimbra Collaboration Suite

Affected Vendors

Zimbra

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/lk6gq0
https://www.cve.org/CVERecord?id=CVE-2022-24682
https://nvd.nist.gov/vuln/detail/CVE-2022-24682

Back to Vulnerability Database