CVE-2022-24682
MEDIUM KEV RANSOMWARE NUCLEI
Zimbra Collaboration Suite <8.8.15 patch 30 (update 1) - XSS
Exploitation Summary
CVE-2022-24682 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added February 25, 2022, with confirmed use in ransomware campaigns. A Nuclei detection template is also available.
Description
An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.
Nuclei Templates (1)
Zimbra Collaboration Suite < 8.8.15 - Improper Encoding
MEDIUM by rxerium
Shodan:
http.favicon.hash:"1624375939" || http.html:"Zimbra Collaboration Suite Web Client"
FOFA:
icon_hash="1624375939"
References (6)
Core References
Vendor Advisory x_refsource_misc
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Vendor Advisory x_refsource_misc
https://wiki.zimbra.com/wiki/Security_Center
Exploit, Third Party Advisory x_refsource_misc
https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/
Vendor Advisory x_refsource_misc
https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/
Release Notes, Vendor Advisory x_refsource_misc
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-24682
Scores
CVSS v3
6.1
EPSS
0.8863
EPSS Percentile
99.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
partial
Details
CISA KEV
2022-02-25
VulnCheck KEV
2021-12-16
InTheWild.io
2021-12-16
ENISA EUVD
EUVD-2022-29554
Ransomware Use
Confirmed
CWE
CWE-116
Status
published
Products (2)
synacor/zimbra_collaboration_suite
8.8.15 (30 CPE variants)
synacor/zimbra_collaboration_suite
8.8.0 - 8.8.15
Published
Feb 09, 2022
KEV Added
Feb 25, 2022
Tracked Since
Feb 18, 2026