What is the severity of CVE-2024-45510?

CVE-2024-45510 is considered a high-severity vulnerability due to its potential for exploitation via stored Cross-Site Scripting (XSS).

How do I fix CVE-2024-45510?

To fix CVE-2024-45510, upgrade Zimbra Collaboration to version 10.1.1 or later, which includes security fixes for this issue.

What type of vulnerability is CVE-2024-45510?

CVE-2024-45510 is categorized as a stored Cross-Site Scripting (XSS) vulnerability affecting Zimbra Webmail (Modern UI).

Who is affected by CVE-2024-45510?

CVE-2024-45510 affects all users of Zimbra Collaboration up to version 10.0.

What can attackers do with CVE-2024-45510?

Attackers exploiting CVE-2024-45510 can inject malicious code into email messages, potentially compromising users' systems when they open affected emails.

Vulnerability/
CVE-2024-45510

medium

5.4

CWE

20/11/2024

21/11/2024

CVE-2024-45510: XSS

First published: Wed Nov 20 2024(Updated: )

An issue was discovered in Zimbra Collaboration (ZCS) through 10.0. Zimbra Webmail (Modern UI) is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper sanitization of user input. This allows an attacker to inject malicious code into specific fields of an e-mail message. When the victim adds the attacker to their contacts, the malicious code is stored and executed when viewing the contact list. This can lead to unauthorized actions such as arbitrary mail sending, mailbox exfiltration, profile picture alteration, and other malicious actions. Proper sanitization and escaping of input fields are necessary to mitigate this vulnerability.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Zimbra Collaboration	<=10.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-45510?
CVE-2024-45510 is considered a high-severity vulnerability due to its potential for exploitation via stored Cross-Site Scripting (XSS).
How do I fix CVE-2024-45510?
To fix CVE-2024-45510, upgrade Zimbra Collaboration to version 10.1.1 or later, which includes security fixes for this issue.
What type of vulnerability is CVE-2024-45510?
CVE-2024-45510 is categorized as a stored Cross-Site Scripting (XSS) vulnerability affecting Zimbra Webmail (Modern UI).
Who is affected by CVE-2024-45510?
CVE-2024-45510 affects all users of Zimbra Collaboration up to version 10.0.
What can attackers do with CVE-2024-45510?
Attackers exploiting CVE-2024-45510 can inject malicious code into email messages, potentially compromising users' systems when they open affected emails.

agent/references
agent/first-publish-date
agent/type
agent/description
agent/author
collector/nvd-api
source/NVD
agent/severity
agent/last-modified-date
agent/event
collector/mitre-cve
source/MITRE
agent/weakness
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/zimbra
canonical/zimbra collaboration

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.