CVE-2022-45913

Name of the Vulnerable Software and Affected Versions Zimbra Collaboration (ZCS) version 9.0

Description An issue was discovered in Zimbra Collaboration where XSS can occur via one of the attributes in webmail URLs, allowing the execution of arbitrary JavaScript code and leading to information disclosure.

Recommendations For Zimbra Collaboration (ZCS) version 9.0, consider restricting access to webmail URLs to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using attributes in webmail URLs that could lead to the execution of arbitrary JavaScript code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.