cvedb.io
CVE-2024-45514
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2024-11-21T16:15:25.820 · Last modified 2026-06-17T07:54:21.530

Summary

An issue was discovered in Zimbra Collaboration (ZCS) through v10.1. A Cross-Site Scripting (XSS) vulnerability exists in one of the endpoints of Zimbra Webmail due to insufficient sanitization of the packages parameter. Attackers can bypass the existing checks by using encoded characters, allowing the injection and execution of arbitrary JavaScript within a victim's session.

Affected products

synacor — zimbra_collaboration_suite

Does this affect you?

Add your gear to cvedb and we'll alert you only when synacor ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.