ReportizFlow
An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A stored Cross-Site Scripting (XSS) vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code in the context of the victim's browser when a crafted vCard (VCF) file is processed and printed. This could lead to unauthorized actions within the victim's session.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Synacor |
|
Configuration 1 [-]
|
No data.
References
History
Wed, 11 Jun 2025 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Synacor
Synacor zimbra Collaboration Suite |
|
| CPEs | cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:10.1.0:*:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:-:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p10:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p11:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p12:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p13:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p14:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p15:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p16:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p17:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p18:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p19:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p1:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p20:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p21:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p22:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p23:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p24.1:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p24:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p25:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p26:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p27:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p28:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p29:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p2:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p30:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p31:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p32:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p33:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p34:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p35:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p36:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p37:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p38:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p39:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p3:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p40:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p4:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p5:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p6:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p7:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p8:*:*:*:*:*:* cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p9:*:*:*:*:*:* |
|
| Vendors & Products |
Synacor
Synacor zimbra Collaboration Suite |
Thu, 21 Nov 2024 19:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-79 | |
| Metrics |
cvssV3_1
|
Thu, 21 Nov 2024 17:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A stored Cross-Site Scripting (XSS) vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code in the context of the victim's browser when a crafted vCard (VCF) file is processed and printed. This could lead to unauthorized actions within the victim's session. | |
| References |
|
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-11-21T00:00:00
Updated: 2024-11-21T18:03:40.186Z
Reserved: 2024-09-01T00:00:00
Link: CVE-2024-45513
Vulnrichment
Updated: 2024-11-21T18:03:36.596Z
NVD
Status : Analyzed
Published: 2024-11-21T17:15:15.793
Modified: 2025-06-11T21:17:25.640
Link: CVE-2024-45513
Redhat
No data.