{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-02-09T03:19:04", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}, {"tags": ["x_refsource_MISC"], "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"tags": ["x_refsource_MISC"], "url": "https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/"}, {"tags": ["x_refsource_MISC"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-24682", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "refsource": "MISC", "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}, {"name": "https://wiki.zimbra.com/wiki/Security_Center", "refsource": "MISC", "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"name": "https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/", "refsource": "MISC", "url": "https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/"}, {"name": "https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/", "refsource": "MISC", "url": "https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/"}, {"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30", "refsource": "MISC", "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T04:20:50.185Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-24682", "datePublished": "2022-02-09T03:19:04", "dateReserved": "2022-02-09T00:00:00", "dateUpdated": "2024-08-03T04:20:50.185Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"cisaActionDue": "2022-03-11", "cisaExploitAdd": "2022-02-25", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Zimbra Webmail Cross-Site Scripting Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BDCCB43-EBE0-4E5D-B2E1-E346A3694AB9", "versionEndExcluding": "8.8.15", "versionStartIncluding": "8.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*", "matchCriteriaId": "1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p1:*:*:*:*:*:*", "matchCriteriaId": "BA48C450-201C-4398-AB65-EF6F95FB0380", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p10:*:*:*:*:*:*", "matchCriteriaId": "5F759114-CF2D-48BF-8D09-EBE8D1ED1949", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*", "matchCriteriaId": "AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p12:*:*:*:*:*:*", "matchCriteriaId": "C43634F5-2946-44D2-8A50-B717374A8126", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p13:*:*:*:*:*:*", "matchCriteriaId": "20315895-5410-4B88-B2D9-E9C5D79A64DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p14:*:*:*:*:*:*", "matchCriteriaId": "BF405091-A832-4945-87EC-AA525F37DF91", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p15:*:*:*:*:*:*", "matchCriteriaId": "C9B6FFA8-CFD2-47C6-9475-79210CB9AA84", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p16:*:*:*:*:*:*", "matchCriteriaId": "964CA714-937C-4FC0-A1E9-07F846C786BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p17:*:*:*:*:*:*", "matchCriteriaId": "DAF8F155-1406-46ED-A81F-BCC4CE525F43", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p18:*:*:*:*:*:*", "matchCriteriaId": "56A8F56B-3457-4C19-B213-3B04FEE8D7A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p19:*:*:*:*:*:*", "matchCriteriaId": "B4F8D255-3F91-45FF-9133-4023BA688F9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p2:*:*:*:*:*:*", "matchCriteriaId": "37BC4DF5-D111-4295-94FC-AA8929CDF2A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p20:*:*:*:*:*:*", "matchCriteriaId": "A9D50108-0404-4791-8057-DB1786D311C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p21:*:*:*:*:*:*", "matchCriteriaId": "F2A7E53F-8EAC-4DA9-8EAE-117759EFABEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p22:*:*:*:*:*:*", "matchCriteriaId": "858727DB-AE6F-435D-B8FD-6C94C3400E40", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p23:*:*:*:*:*:*", "matchCriteriaId": "3FA6AC95-288C-4ABA-B2A7-47E4134EDC31", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p24:*:*:*:*:*:*", "matchCriteriaId": "4AA82728-5901-482A-83CF-F883D4B6A8E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p25:*:*:*:*:*:*", "matchCriteriaId": "7E762792-542E-43D0-A95A-E7F48F328A28", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*", "matchCriteriaId": "6DD4641A-EC23-4B1A-8729-9AECD70390AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p27:*:*:*:*:*:*", "matchCriteriaId": "E0E3E825-1D1E-4ECD-B306-DD8BDCDD0547", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p28:*:*:*:*:*:*", "matchCriteriaId": "840F98DC-57F1-4054-A6C1-6E7F0340AC2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p29:*:*:*:*:*:*", "matchCriteriaId": "EE2A1305-68B7-4CB7-837F-4EDE2EBED507", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*", "matchCriteriaId": "21768A61-7578-4EEC-A23B-FEC10CAA9EDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p4:*:*:*:*:*:*", "matchCriteriaId": "661403E7-1D65-4710-8413-47D74FF65BE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*", "matchCriteriaId": "0695D2E0-45B3-493C-BA6D-471B90C0ACC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p6:*:*:*:*:*:*", "matchCriteriaId": "714FAFE6-68AE-4304-B040-48BC46F85A2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p7:*:*:*:*:*:*", "matchCriteriaId": "73FC2D2D-8BBD-4259-8B35-0D9BFA40567B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p8:*:*:*:*:*:*", "matchCriteriaId": "AB97E9E6-CC4A-458D-B731-6D51130B942C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p9:*:*:*:*:*:*", "matchCriteriaId": "BA688C43-846A-4C4A-AEDB-113D967D3D73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document."}, {"lang": "es", "value": "Se ha detectado un problema en la funcionalidad Calendar en Zimbra Collaboration Suite 8.8.x versiones anteriores a 8.8.15 parche 30 (actualizaci\u00f3n 1), como es explotado \"in the wild\" a partir de diciembre 2021. Un atacante podr\u00eda colocar HTML que contenga JavaScript ejecutable dentro de los atributos de los elementos. Este marcado es convertido en unescaped, causando que el marcado arbitrario sea inyectado en el documento"}], "id": "CVE-2022-24682", "lastModified": "2024-11-21T06:50:51.877", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-09T04:15:07.400", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-116"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}