mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 01:31:20 +00:00
33 lines
1.2 KiB
JSON
33 lines
1.2 KiB
JSON
{
|
|
"id": "CVE-2024-45511",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2024-11-20T19:15:06.123",
|
|
"lastModified": "2024-11-20T19:15:06.123",
|
|
"vulnStatus": "Received",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A reflected Cross-Site Scripting (XSS) issue exists through the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim opens a crafted URL pointing to a shared folder containing a malicious file uploaded by the attacker. The vulnerability allows the attacker to execute arbitrary JavaScript in the context of the victim's session."
|
|
}
|
|
],
|
|
"metrics": {},
|
|
"references": [
|
|
{
|
|
"url": "https://wiki.zimbra.com/wiki/Security_Center",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy",
|
|
"source": "cve@mitre.org"
|
|
}
|
|
]
|
|
} |