cvedb.io
CVE-2024-45517
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2024-11-21T17:15:15.967 · Last modified 2026-06-17T07:54:22.020

Summary

An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability in the /h/rest endpoint of the Zimbra webmail and admin panel interfaces allows attackers to execute arbitrary JavaScript in the victim's session. This issue is caused by improper sanitization of user input, leading to potential compromise of sensitive information. Exploitation requires user interaction to access the malicious URL.

Affected products

synacor — zimbra_collaboration_suite

Does this affect you?

Add your gear to cvedb and we'll alert you only when synacor ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.