Vulnerability Details CVE-2024-45515
An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when importing files into the briefcase. Attackers can exploit this issue by crafting a file with manipulated metadata, allowing them to bypass content type checks and execute arbitrary JavaScript within the victim's session.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 2.0%
CVSS Severity
CVSS v3 Score 6.1
References
Products affected by CVE-2024-45515
-
cpe:2.3:a:zimbra:collaboration:-
-
cpe:2.3:a:zimbra:collaboration:10.0.0
-
cpe:2.3:a:zimbra:collaboration:10.0.1
-
cpe:2.3:a:zimbra:collaboration:10.0.10
-
cpe:2.3:a:zimbra:collaboration:10.0.11
-
cpe:2.3:a:zimbra:collaboration:10.0.12
-
cpe:2.3:a:zimbra:collaboration:10.0.13
-
cpe:2.3:a:zimbra:collaboration:10.0.2
-
cpe:2.3:a:zimbra:collaboration:10.0.3
-
cpe:2.3:a:zimbra:collaboration:10.0.4
-
cpe:2.3:a:zimbra:collaboration:10.0.5
-
cpe:2.3:a:zimbra:collaboration:10.0.6
-
cpe:2.3:a:zimbra:collaboration:10.0.7
-
cpe:2.3:a:zimbra:collaboration:10.0.8
-
cpe:2.3:a:zimbra:collaboration:10.0.9
-
cpe:2.3:a:zimbra:collaboration:10.1.0
-
cpe:2.3:a:zimbra:collaboration:8.7.10
-
cpe:2.3:a:zimbra:collaboration:8.7.11
-
cpe:2.3:a:zimbra:collaboration:8.7.6
-
cpe:2.3:a:zimbra:collaboration:8.7.7
-
cpe:2.3:a:zimbra:collaboration:8.7.9
-
cpe:2.3:a:zimbra:collaboration:8.8
-
cpe:2.3:a:zimbra:collaboration:8.8.0
-
cpe:2.3:a:zimbra:collaboration:8.8.10
-
cpe:2.3:a:zimbra:collaboration:8.8.11
-
cpe:2.3:a:zimbra:collaboration:8.8.12
-
cpe:2.3:a:zimbra:collaboration:8.8.15
-
cpe:2.3:a:zimbra:collaboration:8.8.2
-
cpe:2.3:a:zimbra:collaboration:8.8.3
-
cpe:2.3:a:zimbra:collaboration:8.8.4
-
cpe:2.3:a:zimbra:collaboration:8.8.6
-
cpe:2.3:a:zimbra:collaboration:8.8.7
-
cpe:2.3:a:zimbra:collaboration:8.8.8
-
cpe:2.3:a:zimbra:collaboration:8.8.9
-
cpe:2.3:a:zimbra:collaboration:9.0.0