CNNVD-202507-3779 Information
CNNVD ID
CNNVD-202507-3779
Related CVE
- CNNVD Published: 2025-07-30
Description (Chinese)
Zimbra Collaboration是Zimbra公司的一个开源企业级电子邮件与协作平台,支持邮件、日历、文档管理及团队协作功能。 Zimbra Collaboration 10.1及之前版本存在安全漏洞,该漏洞源于文件导入时内容类型元数据验证不足,可能导致跨站脚本攻击。
Description (English)
Zimbra Collaboration is an open-source enterprise e-mail and collaboration platform for Zimbra to support mail, calendar, document management and teamwork functions. There is a security loophole in Zimbra Collaboration 10.1 and earlier versions, which stems from inadequate metadata validation of content type at the time of the document’s import, which may result in a cross-site script attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Zimbra
Published
2025-07-30
Last Modified
2026-02-24
References
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes https://wiki.zimbra.com/wiki/Security_Center https://access.redhat.com/security/cve/cve-2024-45515
Patch
https://wiki.zimbra.com/wiki/Security_Center
Share on: