CVE-2022-45911

Name of the Vulnerable Software and Affected Versions Zimbra Collaboration (ZCS) version 9.0

Description An issue was discovered in the Classic UI login page where XSS can occur by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which means that even if the attacker executes arbitrary JavaScript, they will not get any sensitive information.

Recommendations For Zimbra Collaboration (ZCS) version 9.0, as a temporary workaround, consider restricting access to the Classic UI login page until a patch is available. Avoid using the username field in the affected login page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.