PT-2024-10389 · Zimbra · Zimbra Collaboration Suite

Published: 2024-09-01 · Updated: 2025-06-11 · CVE-2024-45512

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Zimbra Collaboration Suite (ZCS) versions through 10.1

Description

The issue exists due to inadequate protection of the web page structure in the Briefcase Module of the Zimbra Collaboration Suite (ZCS). An attacker can exploit this by creating a folder in the Briefcase module with a malicious payload and sharing it with a victim. When the victim interacts with the folder share notification, the malicious script executes in their browser, leading to unauthorized actions within the victim's session. This is a stored Cross-Site Scripting (XSS) vulnerability.

Recommendations

For Zimbra Collaboration Suite (ZCS) versions through 10.1, update to Zimbra Daffodil (v10.1.1) or later to fix the Stored Cross-Site Scripting (XSS) vulnerability in the Briefcase module. As a temporary workaround, consider restricting access to the Briefcase module until a patch is applied.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-00898
CVE-2024-45512

Affected Products

Zimbra Collaboration Suite