CVE-2022-24682

MEDIUM KEV RANSOMWARE NUCLEI

Zimbra Collaboration Suite <8.8.15 patch 30 (update 1) - XSS

Description

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.

Nuclei Templates (1)

Zimbra Collaboration Suite < 8.8.15 - Improper Encoding
MEDIUM by rxerium
Shodan: http.favicon.hash:"1624375939" || http.html:"Zimbra Collaboration Suite Web Client"
FOFA: icon_hash="1624375939"

Scores

CVSS v3 6.1
EPSS 0.8797
EPSS Percentile 99.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CISA KEV 2022-02-25
VulnCheck KEV 2021-12-16
InTheWild.io 2021-12-16
ENISA EUVD EUVD-2022-29554
Ransomware Use Confirmed
CWE CWE-116
Status published
Products (2)
synacor/zimbra_collaboration_suite 8.8.15 (30 CPE variants)
synacor/zimbra_collaboration_suite 8.8.0 - 8.8.15
Published Feb 09, 2022
KEV Added Feb 25, 2022
Tracked Since Feb 18, 2026