CVE-2024-33533

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Aug 12, 2024
Updated: Aug 14, 2024
CWE ID 79

Summary

CVE-2024-33533 is a reflected cross-site scripting (XSS) vulnerability affecting Zimbra Collaboration (ZCS) 9.0 and 10.0. The issue lies in the Zimbra webmail admin interface, where inadequate input validation of the packages parameter allows an authenticated attacker to inject and execute arbitrary JavaScript code. By uploading a malicious JavaScript file and crafting a URL with its location in the packages parameter, an attacker can exploit this vulnerability, leading to the execution of the malicious code in another user's browser session.


Affected Products

  • Zimbra Collaboration Suite

Affected Vendors

  • Zimbra