CVE Database · CVE-2022-24682
CVSS v3.1: 6.1
EPSS: 31.06%
Published: Feb 9, 2022
Modified: Nov 4, 2025
CISA Known Exploited Vulnerability
Added: 2022-02-25 · Due: 2022-03-11
Apply updates per vendor instructions.
Public PoC / Exploit (2)
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weaknesses (CWE)
Affected Products (31)
References (11)