Last Updated on 02/03/2022 by Nidhi Khandelwal
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a recently disclosed zero-day issue in the Zimbra email platform to its Known Exploited Vulnerabilities Catalog, citing indications of active exploitation in the wild.
CVE-2022-24682 (CVSS: 6.1) is a cross-site scripting (XSS) vulnerability in the Calendar function of Zimbra Collaboration Suite. An attacker could exploit it to trick users into downloading arbitrary JavaScript code merely by clicking a link to a vulnerable URL in a phishing message.
The attacker is being tracked by Volexity under the alias “TEMP HERETIC,” with the attacks affecting Zimbra’s open-source edition running version 8.8.15. The bug has since been fixed with a hotfix (version 8.8.15 P30) from Zimbra.