PT-2021-20840 · Zimbra · Zimbra Collaboration Suite

Simon Scannell · Published 2021-07-02 · Updated 2022-04-06 · CVE-2021-35208

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions 8.8.x through 8.8.15 Patch 22
Description: An issue was discovered in the Calendar Invite component, specifically in ZmMailMsgView.js. An attacker can place HTML containing executable JavaScript inside element attributes; this markup becomes unescaped, causing arbitrary markup to be injected into the document.
Recommendations: For Zimbra Collaboration Suite versions 8.8.x through 8.8.15 Patch 22, update to version 8.8.15 Patch 23 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Calendar Invite component until a patch is applied.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-35208

Affected Products

Zimbra Collaboration Suite