CNNVD-202601-876 Information
CNNVD ID
CNNVD-202601-876
Related CVE
- CNNVD Published: 2026-01-05
Description (Chinese)
Zimbra Collaboration是Zimbra公司的一个开源企业级电子邮件与协作平台,支持邮件、日历、文档管理及团队协作功能。 Zimbra Collaboration 10.0.18之前版本和10.1.13之前版本存在跨站脚本漏洞,该漏洞源于HTML电子邮件中CSS导入指令处理不当,可能导致存储型跨站脚本。
Description (English)
Zimbra Collaboration is an open-source enterprise e-mail and collaboration platform for Zimbra to support mail, calendar, document management and teamwork functions. There is a gap in the cross-site script before Zimbra Collaboration 10.2.18 and before 10.1.13, which stems from the improper handling of CSS import instructions in HTML e-mails, which may lead to storage-type cross-site scripts.
Hazard Level
Medium
Vulnerability Type
跨站脚本
Affected Vendor
Zimbra
Published
2026-01-05
Last Modified
2026-02-24
References
https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.18#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.13#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://access.redhat.com/security/cve/cve-2025-66376
Patch
https://www.zimbra.com/product/download/
Share on: