About Cross Site Scripting – Zimbra Collaboration (CVE-2024-27443) vulnerability

About Cross Site Scripting - Zimbra Collaboration (CVE-2024-27443) vulnerability

About Cross Site Scripting – Zimbra Collaboration (CVE-2024-27443) vulnerability. Zimbra Collaboration is a collaboration software suite that includes a mail server and a web client. An attacker can send an email containing a specially crafted calendar header with an embedded payload. If the user opens the email in the classic Zimbra web interface, the malicious JavaScript code will be executed in the context of the web browser window.

The vulnerability was fixed on February 28, 2024. As with the MDaemon vulnerability, exploitation of this vulnerability in the wild was reported by ESET researchers (Operation “RoundPress”). They discovered attacks in 2024, after the patch had already been released. The malicious code allowed attackers to steal credentials, extract contacts and settings, and gain access to email messages.

ESET published information about the attacks and a PoC exploit only on May 15, 2025. 🤷‍♂️ The flaw was added to the CISA KEV catalog on May 19.

На русском

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.