PT-2024-13227 · Zimbra · Zimbra Collaboration

Published: 2024-02-13 · Updated: 2024-10-07 · CVE-2023-45206

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration (ZCS) versions 8.8.15 through 10.0

Description: An issue was discovered in Zimbra Collaboration, where an attacker can inject JavaScript or HTML code through the help document endpoint in webmail, leading to cross-site scripting (XSS). Adding an adequate message to avoid malicious code can mitigate this issue.

Recommendations: For Zimbra Collaboration (ZCS) versions 8.8.15 through 10.0, consider adding an adequate message to avoid malicious code as a mitigation measure until a patch is available. As a temporary workaround, restrict access to the help document endpoint in webmail to minimize the risk of exploitation.

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2023-45206

Affected Products: Zimbra Collaboration