PUBLISHED DATE: May 14, 2025CVE-2024-45516:
Cross-Site Scripting Vulnerability

Description

An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Patch 43, 10.0.x before 10.0.12, 10.1.x before 10.1.4, and 8.8.15 before Patch 47. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, including malformed <img> tags with embedded JavaScript. The vulnerability is triggered when a user views a specially crafted email in the Classic UI, requiring no additional user interaction.

Products

• Zimbra Collaboration Suite
• Synacor Zimbra Collaboration Suite (ZCS) 10.0.0
• Synacor Zimbra Collaboration Suite (ZCS) 10.0.10
• Synacor Zimbra Collaboration Suite (ZCS) 10.0.11
• Synacor Zimbra Collaboration Suite (ZCS) 10.0.1
• Synacor Zimbra Collaboration Suite (ZCS) 10.0.2
• Synacor Zimbra Collaboration Suite (ZCS) 10.0.3
• Synacor Zimbra Collaboration Suite (ZCS) 10.0.4
• Synacor Zimbra Collaboration Suite (ZCS) 10.0.5
• Synacor Zimbra Collaboration Suite (ZCS) 10.0.6
• Synacor Zimbra Collaboration Suite (ZCS) 10.0.7
• Synacor Zimbra Collaboration Suite (ZCS) 10.0.8
• Synacor Zimbra Collaboration Suite (ZCS) 10.0.9
• Synacor Zimbra Collaboration Suite (ZCS) 10.1.0
• Synacor Zimbra Collaboration Suite (ZCS) 10.1.1
• Synacor Zimbra Collaboration Suite (ZCS) 10.1.2
• Synacor Zimbra Collaboration Suite (ZCS) 10.1.3
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 10
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 11
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 12
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 13
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 14
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 15
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 16
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 17
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 18
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 19
• Synacor Zimbra Collaboration Suite 8.8.15 Patch 1
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 20
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 21
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 22
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 23
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 24
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 25
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 26
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 27
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 28
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 29
• Synacor Zimbra Collaboration Suite 8.8.15 Patch 2
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 30
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 31.1
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 31
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 32
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 33
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 34
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 35
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 36
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 37
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 38
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 39
• Synacor Zimbra Collaboration Suite 8.8.15 Patch 3
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 40
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 41
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 42
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 43
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 44
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 45
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 46
• Synacor Zimbra Collaboration Suite 8.8.15 Patch 4
• Synacor Zimbra Collaboration Suite 8.8.15 Patch 5
• Synacor Zimbra Collaboration Suite 8.8.15 Patch 6
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 7
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 8
• Synacor Zimbra Collaboration Suite (ZCS) 8.8.15 Patch 9
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 10
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 11
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 12
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 13
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 14
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 15
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 16
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 17
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 18
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 19
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 1
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 20
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 21
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 22
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 23
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 P24.1
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 24
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 25
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 26
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 27
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 28
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 29
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 2
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 30
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 31
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 32
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 33
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 34
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 35
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 36
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 37
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 38
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 39
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 3
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 40
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 41
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 42
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 4
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 5
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 6
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 7
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 8
• Synacor Zimbra Collaboration Suite (ZCS) 9.0.0 Patch 9

Questions to Ask Vendors

1. Can you confirm whether your systems are affected by CVE-2024-45516, and if so, what steps are you currently taking to mitigate this vulnerability?
2. What is your estimated timeline for fully resolving CVE-2024-45516 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions

• Check out the advisory links provided below.

References

• http://webappsec.pbworks.com/Cross-Site+Scripting
• https://capec.mitre.org/data/definitions/209.html
• https://capec.mitre.org/data/definitions/588.html
• https://capec.mitre.org/data/definitions/591.html
• https://capec.mitre.org/data/definitions/592.html
• https://capec.mitre.org/data/definitions/63.html
• https://capec.mitre.org/data/definitions/85.html
• https://nvd.nist.gov/vuln/detail/CVE-2024-45516