CVE-2024-50599 Information

Description

A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Zimbra Collaboration Suite (ZCS) 8.8.15 affecting one of the webmail calendar endpoints. This arises from improper handling of user-supplied input allowing an attacker to inject malicious code that is reflected back in the HTML response.

Reference

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes