CVE-2023-24031 Information

Description

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. XSS can occur via one of attributes of the webmail /h/ endpoint to execute arbitrary JavaScript code leading to information disclosure.

Reference

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://wiki.zimbra.com/wiki/Security_Center