Unrated severityCISA KEVNVD Advisory· Published Feb 9, 2022· Updated Oct 21, 2025
CVE-2022-24682
CVE-2022-24682
Description
An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <8.8.15 patch 30
Patches
Vulnerability mechanics
References
5- blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/mitrex_refsource_MISC
- wiki.zimbra.com/wiki/Security_Centermitrex_refsource_MISC
- wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30mitrex_refsource_MISC
- wiki.zimbra.com/wiki/Zimbra_Security_Advisoriesmitrex_refsource_MISC
- www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.