CVE-2023-24031 — Vulnetix

CVE-2023-24031 PUBLISHED CVSS 9.300000190734863 CRITICAL

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. XSS can occur, via one of attributes of the webmail /h/ endpoint, to execute arbitrary JavaScript code, leading to information disclosure.

EPSS 0.45% · 64.0th percentile

Risk Scores

CVSS 4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS Score

0.45%

64.0th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
zimbra	collaboration	9.0.0, 9.0.0, 9.0.0

Exploit Intelligence

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories (circl)
https://wiki.zimbra.com/wiki/Security_Center (circl)

Timeline

Mar 21, 2023 CVE Published
Jun 16, 2023 EPSS Score
Jul 21, 2023 EPSS Score
Aug 26, 2023 EPSS Score
Sep 30, 2023 EPSS Score
Nov 5, 2023 EPSS Score
Dec 10, 2023 EPSS Score
Jan 15, 2024 EPSS Score
Feb 19, 2024 EPSS Score
Mar 26, 2024 EPSS Score
Apr 30, 2024 EPSS Score
Jun 5, 2024 EPSS Score

References

https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P37 advisory
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories url
https://wiki.zimbra.com/wiki/Security_Center url
https://nvd.nist.gov/vuln/detail/CVE-2023-24031 advisory

Open in Interactive Console →