CVE-2024-27443

Summary

CVE-2024-27443 is a newly discovered Cross-Site Scripting (XSS) vulnerability affecting Zimbra Collaboration (ZCS) versions 9.0 and 10.0. This issue resides in the CalendarInvite feature of the Zimbra webmail classic user interface, which fails to adequately validate input in the handling of calendar headers. An attacker can exploit this by sending an email with a specially crafted calendar header containing an XSS payload. When a user opens this email in the Zimbra webmail classic interface, the payload is executed in their session, potentially allowing the attacker to run arbitrary JavaScript code.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.