CVE-2024-50599
MEDIUM EPSS 99.0%
Published Nov 7, 20241y ago · Modified Jun 17, 20262w ago
6.1 CVSS 3.1
Published Nov 7, 2024 1y ago
Last Modified Jun 17, 2026 2w ago
Description
A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Zimbra Collaboration Suite (ZCS) 8.8.15, affecting one of the webmail calendar endpoints. This arises from improper handling of user-supplied input, allowing an attacker to inject malicious code that is reflected back in the HTML response.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Changed
Confidentiality Low
Integrity Low
Availability None
Threat Intelligence
EPSS Exploit Probability
99.0% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-79 Cross-site Scripting Injection
Affected Products 47
| Vendor | Product | Version | Range |
|---|---|---|---|
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
| synacor | zimbra_collaboration_suite | 8.8.15 | any |
References 2
- wiki.zimbra.com https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes
- wiki.zimbra.com https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.