Known Exploited Vulnerabilities CVE-2024-27443

Zimbra Collaboration contains a cross-site scripting (XSS) vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this vulnerability via an email message containing a crafted calendar header, leading to the execution of arbitrary JavaScript code.

Mappings

| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2024-27443 | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | exploitation_technique | T1566.002 | Spearphishing Link | Attackers can send a malicious email with a specially crafted calendar header in order to execute arbitrary JavaScript code in the browser. This can lead to email collection, which can then be exfiltrated. |
| CVE-2024-27443 | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | primary_impact | T1059.004 | Unix Shell | Attackers can send a malicious email with a specially crafted calendar header in order to execute arbitrary JavaScript code in the browser. |
| CVE-2024-27443 | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | primary_impact | T1114 | Email Collection | Attackers can send a malicious email with a specially crafted calendar header in order to execute arbitrary JavaScript code in the browser. |
| CVE-2024-27443 | Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | secondary_impact | T1041 | Exfiltration Over C2 Channel | Attackers can send a malicious email with a specially crafted calendar header in order to execute arbitrary JavaScript code in the browser. |