mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 17:21:36 +00:00
{
"id": "CVE-2024-45514",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-21T16:15:25.820",
"lastModified": "2024-11-21T18:15:08.980",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Zimbra Collaboration (ZCS) through v10.1. A Cross-Site Scripting (XSS) vulnerability exists in one of the endpoints of Zimbra Webmail due to insufficient sanitization of the packages parameter. Attackers can bypass the existing checks by using encoded characters, allowing the injection and execution of arbitrary JavaScript within a victim's session."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Zimbra Collaboration (ZCS) hasta la versi\u00f3n v10.1. Existe una vulnerabilidad de cross site scripting (XSS) en uno de los endpoints de Zimbra Webmail debido a una desinfecci\u00f3n insuficiente del par\u00e1metro packages. Los atacantes pueden eludir las comprobaciones existentes mediante el uso de caracteres codificados, lo que permite la inyecci\u00f3n y ejecuci\u00f3n de JavaScript arbitrario dentro de la sesi\u00f3n de una v\u00edctima."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wiki.zimbra.com/wiki/Security_Center",
"source": "cve@mitre.org"
},
{
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes",
"source": "cve@mitre.org"
},
{
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes",
"source": "cve@mitre.org"
},
{
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes",
"source": "cve@mitre.org"
},
{
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes",
"source": "cve@mitre.org"
},
{
"url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy",
"source": "cve@mitre.org"
}
]
} |