CVE-2024-27443
Known Exploited Vulnerability Entry External Catalog
Entry Details
Confirmed
Yes
2025-05-19 00:00 UTC
Timestamps
2025-05-19
2025-05-19
Scope
KEV entry: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | Affected: Synacor / Zimbra Collaboration Suite (ZCS) | Description: Zimbra Collaboration contains a cross-site scripting (XSS) vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this vulnerability via an email message containing a crafted calendar header, leading to the execution of arbitrary JavaScript code. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes ; https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39#Security_Fixes ; https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7#Security_Fixes ; https://nvd.nist.gov/vuln/detail/CVE-2024-27443
References
- {'id': 'CVE-2024-27443', 'url': 'https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-27443'}
b3c2f122-aadb-4836-9329-f2c7a6f3ce11
405284c2-e461-4670-8979-7fd2c9755a60
2026-02-02 13:24 UTC
2026-02-06 07:53 UTC
Evidence (1)
| Type | Source | Signal | Confidence | Details | GCVE Metadata |
|---|---|---|---|---|---|
| vendor_report | cisa-kev | successful_exploitation | 0.80 |
View details |
- |