{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-33533", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-03-13T20:12:37.623Z", "dateReserved": "2024-04-24T00:00:00.000Z", "datePublished": "2024-08-12T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-08-12T14:57:36.363Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. A reflected cross-site scripting (XSS) vulnerability has been identified in the Zimbra webmail admin interface. This vulnerability occurs due to inadequate input validation of the packages parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user's browser session. By uploading a malicious JavaScript file and crafting a URL containing its location in the packages parameter, the attacker can exploit this vulnerability. Subsequently, when another user visits the crafted URL, the malicious JavaScript code is executed."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.8#Security_Fixes"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P40#Security_Fixes"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-08-13T17:46:44.982487Z", "id": "CVE-2024-33533", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-13T20:12:37.623Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-33533", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-13T17:46:44.982487Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-13T17:46:52.357Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.8#Security_Fixes"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P40#Security_Fixes"}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. A reflected cross-site scripting (XSS) vulnerability has been identified in the Zimbra webmail admin interface. This vulnerability occurs due to inadequate input validation of the packages parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user's browser session. By uploading a malicious JavaScript file and crafting a URL containing its location in the packages parameter, the attacker can exploit this vulnerability. Subsequently, when another user visits the crafted URL, the malicious JavaScript code is executed."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-08-12T14:57:36.363Z"}}}, "cveMetadata": {"cveId": "CVE-2024-33533", "state": "PUBLISHED", "dateUpdated": "2025-03-13T20:12:37.623Z", "dateReserved": "2024-04-24T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-08-12T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*", "matchCriteriaId": "A5BC091A-EE5A-4D34-9D2E-754D3C2FCA3F", "versionEndExcluding": "10.0.8", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "685D9652-2934-4C13-8B36-40582C79BFC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*", "matchCriteriaId": "5E4DF01A-1AA9-47E8-82FD-65A02ECA1376", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*", "matchCriteriaId": "BDE59185-B917-4A81-8DE4-C65A079F52FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*", "matchCriteriaId": "BA3ED95F-95F2-4676-8EAF-B4B9EB64B260", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*", "matchCriteriaId": "4BB93336-CC3C-4B7F-B194-7DED036ABBAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*", "matchCriteriaId": "876F1675-F65C-4E86-ADBD-36EB8D8A997D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*", "matchCriteriaId": "2306F526-9C56-4A57-AA9B-02F2D6058C97", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*", "matchCriteriaId": "F9EA2A61-67AA-4B7E-BC6E-80EB1363EF85", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*", "matchCriteriaId": "C77A35B7-96F6-43A7-A747-C6AEEDE961E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p16:*:*:*:*:*:*", "matchCriteriaId": "DC35882B-E709-42D8-8800-F1B734CEAFC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*", "matchCriteriaId": "B7A47276-F241-4A68-9458-E1481EBDC5E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:*", "matchCriteriaId": "12D0D469-6C9B-4B66-9581-DC319773238A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p20:*:*:*:*:*:*", "matchCriteriaId": "40629BEB-DF4B-4FB8-8D3D-7BAC43C90766", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p21:*:*:*:*:*:*", "matchCriteriaId": "9503131F-CC23-4545-AE9C-9714B287CC25", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*", "matchCriteriaId": "B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p24:*:*:*:*:*:*", "matchCriteriaId": "8113A4E3-AA96-4382-815D-6FD88BA42EC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1:*:*:*:*:*:*", "matchCriteriaId": "DC8C28E0-6C51-41EE-A7B2-DB185D1D8FD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*", "matchCriteriaId": "BC19F11D-23D9-429D-A957-D67F23A40A01", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*", "matchCriteriaId": "AAFA2EE7-C965-4F27-8CAE-E607A9F202AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*", "matchCriteriaId": "1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:*", "matchCriteriaId": "C52705E6-2C6B-47BC-A0CD-F6AAE0BFC302", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p30:*:*:*:*:*:*", "matchCriteriaId": "FD1DCE2B-D944-43AE-AD0E-9282DE6D618F", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p31:*:*:*:*:*:*", "matchCriteriaId": "2079B9F8-128B-487D-A965-E8B37FDF6304", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p32:*:*:*:*:*:*", "matchCriteriaId": "9679FD62-815E-47A8-8552-D28CE48B82B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p33:*:*:*:*:*:*", "matchCriteriaId": "D659AE6A-591E-4D5B-9781-9648250F5576", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p34:*:*:*:*:*:*", "matchCriteriaId": "E4054E3E-561C-4B1C-A615-3CCE5CB69D77", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p35:*:*:*:*:*:*", "matchCriteriaId": "4FA0E9C4-25E4-4CD6-B88A-02B413385866", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p36:*:*:*:*:*:*", "matchCriteriaId": "5D6F7CA3-C36A-466C-8FAD-D0B3CEF01F0E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p37:*:*:*:*:*:*", "matchCriteriaId": "9684AC81-B557-4292-8402-AE55CB2E613C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p38:*:*:*:*:*:*", "matchCriteriaId": "32A352C4-0E9C-436F-ADA7-D93492A18037", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p39:*:*:*:*:*:*", "matchCriteriaId": "ABCA8698-AB88-4A6D-BD2B-DB22AEED6536", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*", "matchCriteriaId": "33F50D8C-7027-4A8D-8E95-98C224283772", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:*", "matchCriteriaId": "82000BA4-1781-4312-A7BD-92EC94D137AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:*", "matchCriteriaId": "4B52D301-2559-457A-8FFB-F0915299355A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*", "matchCriteriaId": "7215AE2C-8A33-4AB9-88D5-7C8CD11E806C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*", "matchCriteriaId": "8D859F77-8E39-4D46-BC90-C5C1D805A666", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:*", "matchCriteriaId": "CDC810C7-45DA-4BDF-9138-2D3B2750243E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*", "matchCriteriaId": "E09D95A4-764D-4E0B-8605-1D94FD548AB2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. A reflected cross-site scripting (XSS) vulnerability has been identified in the Zimbra webmail admin interface. This vulnerability occurs due to inadequate input validation of the packages parameter, allowing an authenticated attacker to inject and execute arbitrary JavaScript code within the context of another user's browser session. By uploading a malicious JavaScript file and crafting a URL containing its location in the packages parameter, the attacker can exploit this vulnerability. Subsequently, when another user visits the crafted URL, the malicious JavaScript code is executed."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Zimbra Collaboration (ZCS) 9.0 y 10.0, n\u00famero 1 de 2. Se identific\u00f3 una vulnerabilidad de cross site scripting (XSS) reflejado en la interfaz de administraci\u00f3n del correo web de Zimbra. Esta vulnerabilidad se produce debido a una validaci\u00f3n de entrada inadecuada del par\u00e1metro de paquetes, lo que permite a un atacante autenticado inyectar y ejecutar c\u00f3digo JavaScript arbitrario dentro del contexto de la sesi\u00f3n del navegador de otro usuario. Al cargar un archivo JavaScript malicioso y crear una URL que contenga su ubicaci\u00f3n en el par\u00e1metro de paquetes, el atacante puede aprovechar esta vulnerabilidad. Posteriormente, cuando otro usuario visita la URL manipulada, se ejecuta el c\u00f3digo JavaScript malicioso."}], "id": "CVE-2024-33533", "lastModified": "2025-03-13T21:15:39.390", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-08-12T15:15:20.480", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.8#Security_Fixes"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P40#Security_Fixes"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}