CVE-2023-48432 Information

Description

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 9.0 and 10.0. XSS with resultant session stealing can occur via JavaScript code in a link (for a webmail redirection endpoint) within en email message e.g. if a victim clicks on that link within Zimbra webmail.

Reference

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy