CVE-2024-45516 Information
Description
An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Patch 43 10.0.x before 10.0.12 10.1.x before 10.1.4 and 8.8.15 before Patch 47. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the victim’s session potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content including malformed tags with embedded JavaScript. The vulnerability is triggered when the victim views a specially crafted email in the Classic UI causing the malicious script to execute. No further user interaction is required beyond viewing the email.
Reference
https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.4#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Share on: