{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "8.8.15-p19" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "8.8.15-p22" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "8.8.15-p28" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "8.8.15-p38" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "8.8.15-p42" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.0.0-p12" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.0.0-p15" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.0.0-p21" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.0.0-p31" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.0.0-p35" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "9.0.0-p42" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "10.1.0" }, { "fixed": "10.1.4" }, { "introduced": "0" }, { "last_affected": "8.8.15-NA" }, { "introduced": "0" }, { "last_affected": "8.8.15-p1" }, { "introduced": "0" }, { "last_affected": "8.8.15-p11" }, { "introduced": "0" }, { "last_affected": "8.8.15-p20" }, { "introduced": "0" }, { "last_affected": "8.8.15-p26" }, { "introduced": "0" }, { "last_affected": "8.8.15-p3" }, { "introduced": "0" }, { "last_affected": "8.8.15-p30" }, { "introduced": "0" }, { "last_affected": "8.8.15-p31" }, { "introduced": "0" }, { "last_affected": "8.8.15-p32" }, { "introduced": "0" }, { "last_affected": "8.8.15-p33" }, { "introduced": "0" }, { "last_affected": "8.8.15-p34" }, { "introduced": "0" }, { "last_affected": "8.8.15-p35" }, { "introduced": "0" }, { "last_affected": "8.8.15-p40" }, { "introduced": "0" }, { "last_affected": "8.8.15-p43" }, { "introduced": "0" }, { "last_affected": "8.8.15-p44" }, { "introduced": "0" }, { "last_affected": "8.8.15-p45" }, { "introduced": "0" }, { "last_affected": "8.8.15-p5" }, { "introduced": "0" }, { "last_affected": "9.0.0-NA" }, { "introduced": "0" }, { "last_affected": "9.0.0-p1" }, { "introduced": "0" }, { "last_affected": "9.0.0-p19" }, { "introduced": "0" }, { "last_affected": "9.0.0-p20" }, { "introduced": "0" }, { "last_affected": "9.0.0-p23" }, { "introduced": "0" }, { "last_affected": "9.0.0-p25" }, { "introduced": "0" }, { "last_affected": "9.0.0-p26" }, { "introduced": "0" }, { "last_affected": "9.0.0-p27" }, { "introduced": "0" }, { "last_affected": "9.0.0-p28" }, { "introduced": "0" }, { "last_affected": "9.0.0-p33" }, { "introduced": "0" }, { "last_affected": "9.0.0-p36" }, { "introduced": "0" }, { "last_affected": "9.0.0-p37" }, { "introduced": "0" }, { "last_affected": "9.0.0-p38" }, { "introduced": "0" }, { "last_affected": "9.0.0-p4" }, { "introduced": "0" }, { "last_affected": "9.0.0-p7" } ] }, "events": [ { "introduced": "52b539ef205db233bfd8116e8130e27735b4153c" }, { "fixed": "16fcfbde0910368571419d9becd0401a95af6e7f" }, { "introduced": "0" }, { "last_affected": "ac6081fa002b1511e926aba37740d2b6c20f3f43" }, { "introduced": "0" }, { "last_affected": "29eea219faf34718f0ef1cda7c3f02c89910c96c" }, { "introduced": "0" }, { "last_affected": "29eea219faf34718f0ef1cda7c3f02c89910c96c" }, { "introduced": "0" }, { "last_affected": "62480d2f6aace77ee01bb4b8f46a3eff49cbdfd3" }, { "introduced": "0" }, { "last_affected": "71b1626efff0a90ba64ff3e5ab192683e6dccc9a" }, { "introduced": "0" }, { "last_affected": "905970576d6fe337150f09c0ad7a0f53aa1a8f42" }, { "introduced": "0" }, { "last_affected": "5ae8f73501330bc788daed9c82c1222857d85b8b" }, { "introduced": "0" }, { "last_affected": "fe985a33cb83f82816a1e8f93d8d864112a6504e" }, { "introduced": "0" }, { "last_affected": "b7209ef3fd859fda5537cc7fbfdeb97cbd1ab931" }, { "introduced": "0" }, { "last_affected": "6c2b2cd41fa3625cbd1c12f4e14e07eece395a31" }, { "introduced": "0" }, { "last_affected": "3dbd48fe84d22132463b3758e3a40be19267fc9f" }, { "introduced": "0" }, { "last_affected": "dbb831c2de39b20cda7ea1e0063645d3cb6d1770" }, { "introduced": "0" }, { "last_affected": "2d471250d21cf4051227b7513e16df3a1f56ba86" }, { "introduced": "0" }, { "last_affected": "f67d315f2985f71ebd97a53cc5b43b39cfdb8c91" }, { "introduced": "0" }, { "last_affected": "2d66a4676f5dc69ca8f413989594d5103a89edf8" }, { "introduced": "0" }, { "last_affected": "7dee674129cc00d1829343a9bdcda37a9ca4ada8" }, { "introduced": "0" }, { "last_affected": "0e40da921adb967639011de45841cef4c4601413" }, { "introduced": "0" }, { "last_affected": "b6cd8f69d2761c014d4a3807f0bdee0011386444" }, { "introduced": "0" }, { "last_affected": "5561a39cba0898c3bb5e188284d98f498d7a3c9a" }, { "introduced": "0" }, { "last_affected": "5561a39cba0898c3bb5e188284d98f498d7a3c9a" }, { "introduced": "0" }, { "last_affected": "d3209df466110d214b2ab6593f931a59c2127db8" }, { "introduced": "0" }, { "last_affected": "c8a93da38fd1572d864c1becbcc772ba91ee4403" }, { "introduced": "0" }, { "last_affected": "202d83762fca70b7403c144e1fedddc6cd4930a6" }, { "introduced": "0" }, { "last_affected": "a163a5dc09ec091fed86421118ec56c90384997a" }, { "introduced": "0" }, { "last_affected": "b2faf1c074bf6e2f4f76acd11b9ad5a0b4caec40" }, { "introduced": "0" }, { "last_affected": "0bea2f7ec388cc09cb3de4ee93344df2695b91a8" }, { "introduced": "0" }, { "last_affected": "9173353f25559ed524c7a40c799056c01c3418d4" }, { "introduced": "0" }, { "last_affected": "c27b145236b09c5487259d943dd54ffdea0ccbb3" }, { "introduced": "0" }, { "last_affected": "8d7f3750f42f0a59d61c1b44d8df1000a52ce9f2" }, { "introduced": "0" }, { "last_affected": "bc50e7d47c56532b226a1c88c8011127e006940b" }, { "introduced": "0" }, { "last_affected": "03d99a16095b73a73770fbb6131d10234cfc13fd" }, { "introduced": "0" }, { "last_affected": "bcb978ccc354d99d843725886083e321759b6765" } ], "repo": "https://github.com/zimbra/zm-build", "type": "GIT" }, { "database_specific": { "versions": [ { "introduced": "10.0.0" }, { "fixed": "10.0.12" }, { "introduced": "0" }, { "last_affected": "8.8.15-p10" }, { "introduced": "0" }, { "last_affected": "8.8.15-p12" }, { "introduced": "0" }, { "last_affected": "8.8.15-p13" }, { "introduced": "0" }, { "last_affected": "8.8.15-p14" }, { "introduced": "0" }, { "last_affected": "8.8.15-p15" }, { "introduced": "0" }, { "last_affected": "8.8.15-p16" }, { "introduced": "0" }, { "last_affected": "8.8.15-p17" }, { "introduced": "0" }, { "last_affected": "8.8.15-p18" }, { "introduced": "0" }, { "last_affected": "8.8.15-p2" }, { "introduced": "0" }, { "last_affected": "8.8.15-p23" }, { "introduced": "0" }, { "last_affected": "8.8.15-p24" }, { "introduced": "0" }, { "last_affected": "8.8.15-p25" }, { "introduced": "0" }, { "last_affected": "8.8.15-p27" }, { "introduced": "0" }, { "last_affected": "8.8.15-p29" }, { "introduced": "0" }, { "last_affected": "8.8.15-p31\\.1" }, { "introduced": "0" }, { "last_affected": "8.8.15-p36" }, { "introduced": "0" }, { "last_affected": "8.8.15-p37" }, { "introduced": "0" }, { "last_affected": "8.8.15-p39" }, { "introduced": "0" }, { "last_affected": "8.8.15-p4" }, { "introduced": "0" }, { "last_affected": "8.8.15-p41" }, { "introduced": "0" }, { "last_affected": "8.8.15-p46" }, { "introduced": "0" }, { "last_affected": "8.8.15-p6" }, { "introduced": "0" }, { "last_affected": "8.8.15-p7" }, { "introduced": "0" }, { "last_affected": "8.8.15-p8" }, { "introduced": "0" }, { "last_affected": "8.8.15-p9" }, { "introduced": "0" }, { "last_affected": "9.0.0-p10" }, { "introduced": "0" }, { "last_affected": "9.0.0-p11" }, { "introduced": "0" }, { "last_affected": "9.0.0-p13" }, { "introduced": "0" }, { "last_affected": "9.0.0-p14" }, { "introduced": "0" }, { "last_affected": "9.0.0-p16" }, { "introduced": "0" }, { "last_affected": "9.0.0-p17" }, { "introduced": "0" }, { "last_affected": "9.0.0-p18" }, { "introduced": "0" }, { "last_affected": "9.0.0-p2" }, { "introduced": "0" }, { "last_affected": "9.0.0-p22" }, { "introduced": "0" }, { "last_affected": "9.0.0-p24" }, { "introduced": "0" }, { "last_affected": "9.0.0-p24\\.1" }, { "introduced": "0" }, { "last_affected": "9.0.0-p29" }, { "introduced": "0" }, { "last_affected": "9.0.0-p3" }, { "introduced": "0" }, { "last_affected": "9.0.0-p30" }, { "introduced": "0" }, { "last_affected": "9.0.0-p32" }, { "introduced": "0" }, { "last_affected": "9.0.0-p34" }, { "introduced": "0" }, { "last_affected": "9.0.0-p39" }, { "introduced": "0" }, { "last_affected": "9.0.0-p40" }, { "introduced": "0" }, { "last_affected": "9.0.0-p41" }, { "introduced": "0" }, { "last_affected": "9.0.0-p5" }, { "introduced": "0" }, { "last_affected": "9.0.0-p6" }, { "introduced": "0" }, { "last_affected": "9.0.0-p8" }, { "introduced": "0" }, { "last_affected": "9.0.0-p9" } ] }, "events": [ { "introduced": "8033bd1ec9d7211c2eb5fa71aeb3b4073a8dc160" }, { "fixed": "36b0176b086d3ced0cd751ec0aca4d9869574496" }, { "introduced": "0" }, { "last_affected": "e9ebb1ed89f27827ea1963d1329b1f8335aba9ac" }, { "introduced": "0" }, { "last_affected": "7a895cdd697874d0b3e8b8caf58aca8587370df3" }, { "introduced": "0" }, { "last_affected": "befb6e4bf13dd05d09ecc82054e8eb1ef68ddcf5" }, { "introduced": "0" }, { "last_affected": "f2c89b7483feeb0e5230960ed59ecb8edb903507" }, { "introduced": "0" }, { "last_affected": "91cb5232eaceb21fe2ef176ea6b7835ed78ae185" }, { "introduced": "0" }, { "last_affected": "7a1bb7c8d0dafd59a551674e52c0b472d4cf275b" }, { "introduced": "0" }, { "last_affected": "60555cd490710748f161320029fcbdfc3379adfd" }, { "introduced": "0" }, { "last_affected": "abdcfc1e99045bfc2a7fd5d1aaa8e9769e478952" }, { "introduced": "0" }, { "last_affected": "8dd758add476db0ee9a7c1abab136e30ebde01b2" }, { "introduced": "0" }, { "last_affected": "e067b8c20a2c01c947342c4f3c625b40b08b918f" }, { "introduced": "0" }, { "last_affected": "9ce56d132f0d6668a108f53199cf4c6bf5d6c505" }, { "introduced": "0" }, { "last_affected": "5b8551b2bfdfc49af4ef5c7ca75f9c5061635031" }, { "introduced": "0" }, { "last_affected": "e3813a02221fd56ec25139371411b2cd781e2c13" }, { "introduced": "0" }, { "last_affected": "c1ce7ee805ce42b0ed8be10adbad7983dbf38c6f" }, { "introduced": "0" }, { "last_affected": "e0c8862be83f591fc1b032045e98b96796061373" }, { "introduced": "0" }, { "last_affected": "359e92ae32ffcbbdcd7787e4a8f1bafd8f1ae33c" }, { "introduced": "0" }, { "last_affected": "69e3baba70833e1941e04f7e988f663e533bc0aa" }, { "introduced": "0" }, { "last_affected": "65680a883fa99aaeeffca1757668f7ffb7314183" }, { "introduced": "0" }, { "last_affected": "efd11afe1b526bb03f59b699aaadf6a1449e0244" }, { "introduced": "0" }, { "last_affected": "9427799197093ee305e925fd73a18c63587b4c3e" }, { "introduced": "0" }, { "last_affected": "6053b5bdee8d4d9ec361176c480b96dc15f427e0" }, { "introduced": "0" }, { "last_affected": "d093cdf68ec6716be445c653277f602739a5086b" }, { "introduced": "0" }, { "last_affected": "a12b964a206748de6db6dc1da2ee16249aabafce" }, { "introduced": "0" }, { "last_affected": "58996926d8f031827e03ec788d69fd2d16739b1a" }, { "introduced": "0" }, { "last_affected": "d31ba9d45eb31100ea30461dd859a5a9663b1e4a" }, { "introduced": "0" }, { "last_affected": "943f2188be659dbccc17e6082dc0c542f9debea4" }, { "introduced": "0" }, { "last_affected": "82e2bdc9c525585c3d3c2bb383ed80b1feaf878e" }, { "introduced": "0" }, { "last_affected": "e641be6dd504882bd357015c8012195d5bb49da2" }, { "introduced": "0" }, { "last_affected": "e641be6dd504882bd357015c8012195d5bb49da2" }, { "introduced": "0" }, { "last_affected": "52c811a0259419b4e3d177f80c0ba7562d375cfa" }, { "introduced": "0" }, { "last_affected": "459d2044a9a205efee2b8998be41762876174dde" }, { "introduced": "0" }, { "last_affected": "497eef64675f6ae63972c50c24e26048640748f6" }, { "introduced": "0" }, { "last_affected": "dbe58ce9fb59913993aa2d7a5f2c28a292ee4a86" }, { "introduced": "0" }, { "last_affected": "63c14463c4393c0fcdec4a470e448d1d7dab76d1" }, { "introduced": "0" }, { "last_affected": "83f33002916b0d752667a29a7fcf865af4609e7a" }, { "introduced": "0" }, { "last_affected": "19ec057977b93892ef40c4d4d68b578bb8e4dea0" }, { "introduced": "0" }, { "last_affected": "848af7d9e2467b794b51a49afe3d1edef3ce6b66" }, { "introduced": "0" }, { "last_affected": "4576339cd43ab64c19dc87591825ab51cb79f07a" }, { "introduced": "0" }, { "last_affected": "2d2629d018b23dba6b5e984860724832adbe7014" }, { "introduced": "0" }, { "last_affected": "bcce34b646ae27b931802d859d47e4adfe981635" }, { "introduced": "0" }, { "last_affected": "f11cd2739a33347b5035c138813fd117378ec5c9" }, { "introduced": "0" }, { "last_affected": "69380ca2440983320d3262ef155852dbd5bac4f5" }, { "introduced": "0" }, { "last_affected": "31856510b3e72583143b1464bae867772e303bab" }, { "introduced": "0" }, { "last_affected": "fad224b80f4bbf39496d104d58947bc1ac4bca39" }, { "introduced": "0" }, { "last_affected": "a6fdb2b0bbe8c189fd212d798f71f183fd3318ba" }, { "introduced": "0" }, { "last_affected": "f323d75b09d42a6313b47d9a74aae96ec66aa1f8" }, { "introduced": "0" }, { "last_affected": "7d74bc7bfd7f78c7261d0e52baf42716630fc3f0" }, { "introduced": "0" }, { "last_affected": "10b7ff251aee6f4770ad75377a1f81491ad5bdb9" } ], "repo": "https://github.com/zimbra/zm-mailbox", "type": "GIT" }, { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "8.8.15-p21" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "bd05dc4161a2046d2972fb744f98675fa0f5b4f0" } ], "repo": "https://github.com/zimbra/zm-zcs-lib", "type": "GIT" } ] } ], "details": "An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Patch 43, 10.0.x before 10.0.12, 10.1.x before 10.1.4, and 8.8.15 before Patch 47. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, including malformed \u003cimg\u003e tags with embedded JavaScript. The vulnerability is triggered when a user views a specially crafted email in the Classic UI, requiring no additional user interaction.", "id": "CVE-2024-45516", "modified": "2026-04-01T23:10:13.055685576Z", "published": "2025-05-14T20:15:20.857Z", "references": [ { "type": "WEB", "url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy" }, { "type": "ADVISORY", "url": "https://wiki.zimbra.com/wiki/Security_Center" }, { "type": "ADVISORY", "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.4#Security_Fixes" }, { "type": "ADVISORY", "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "type": "CVSS_V3" } ] }