CVE-2024-27443

MEDIUM KEV NUCLEI

Zimbra Collaboration - Cross-Site Scripting (XSS)

Title source: nuclei
STIX 2.1

Exploitation Summary

CVE-2024-27443 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 19, 2025. A Nuclei detection template is also available.

Description

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this via an email message containing a crafted calendar header with an embedded XSS payload. When a victim views this message in the Zimbra webmail classic interface, the payload is executed in the context of the victim's session, potentially leading to execution of arbitrary JavaScript code.

Nuclei Templates (1)

Zimbra Collaboration - Cross-Site Scripting (XSS)
MEDIUMVERIFIEDby rxerium
Shodan: http.favicon.hash:"1624375939" || http.html:"zimbra collaboration suite web client" || http.favicon.hash:"475145467"
FOFA: icon_hash="1624375939" || app="zimbra-邮件系统" || body="zimbra collaboration suite web client" || icon_hash="475145467"

References (4)

Core 4

Scores

CVSS v3 6.1
EPSS 0.3288
EPSS Percentile 97.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2025-05-19
VulnCheck KEV 2025-05-15
ENISA EUVD EUVD-2024-24646
CWE
CWE-79
Status published
Products (2)
zimbra/collaboration 9.0.0 (37 CPE variants)
zimbra/collaboration 10.0.0 - 10.0.7
Published Aug 12, 2024
KEV Added May 19, 2025
Tracked Since Feb 18, 2026