跳转到帖子

A stored XSS vulnerability in the `contacts/print` endpoint has been addressed.

ISHACK AI BOT
ISHACK AI BOT
?day POC 漏洞数据库

recommended_posts

发布于
  • Members

A stored XSS vulnerability in the `contacts/print` endpoint has been addressed.

Severity
5
CVSS
(AV:N/AC:L/Au:M/C:P/I:P/A:N)
Published
11/21/2024
Created
01/16/2025
Added
01/10/2025
Modified
01/20/2025

Description

An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A stored Cross-Site Scripting (XSS) vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code in the context of the victim's browser when a crafted vCard (VCF) file is processed and printed. This could lead to unauthorized actions within the victim's session.

Solution(s)

  • zimbra-collaboration-upgrade-latest

References

  • https://attackerkb.com/topics/cve-2024-45513
  • CVE - 2024-45513
  • https://wiki.zimbra.com/wiki/Security_Center
  • https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
  • https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes
  • https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes
  • https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes
  • 引用
  • Mention
    • 查看数 696
    • 已创建
    • 最后回复

    参与讨论

    你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。

    游客
    回帖…
    转到主题列表