PT-2024-13228 · Google+1 · Google Chrome+1

Ramin · Published 2024-01-18 · Updated 2024-10-07 · CVE-2023-45207

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Zimbra Collaboration (ZCS) versions 8.8.15 through 10.0

Description

An issue was discovered in Zimbra Collaboration where an attacker can send, by mail, a malicious PDF document that contains JavaScript code. When this file is previewed in webmail using the Chrome browser, the stored XSS payload is executed. The issue has been mitigated by sanitizing the JavaScript code present in a PDF document.

Recommendations

For Zimbra Collaboration (ZCS) versions 8.8.15 through 10.0, the issue has been mitigated by sanitizing the JavaScript code present in a PDF document. As a temporary workaround, consider disabling the preview of PDF documents in webmail until the issue is fully resolved. Restrict access to the webmail feature to minimize the risk of exploitation. Avoid using the webmail preview feature for PDF documents until the issue is resolved.
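A triage check that a mail gateway could run on PDF attachments before allowing inline preview, given here as an added example; it is not Zimbra's sanitizer and not part of the original advisory. The function names, the watch list of PDF names and the sample PDFs are assumptions constructed for illustration.

```python
import re
import zlib

# PDF names that introduce script or automatic actions (assumed watch list).
ACTIVE_NAMES = {b"JS", b"JavaScript", b"OpenAction", b"AA"}
NAME_RE = re.compile(rb"/([^\s/\[\]()<>{}%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def _names(data: bytes) -> set:
    """Collect watched names, undoing #xx escapes (/J#61vaScript)."""
    decoded = (HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), n)
               for n in NAME_RE.findall(data))
    return set(decoded) & ACTIVE_NAMES


def active_pdf_names(data: bytes) -> set:
    """Return the script and auto-action names found in a PDF's bytes."""
    found = _names(data)
    # Object streams keep dictionaries inside Flate-compressed data, so
    # inflate every stream that decompresses and scan the result as well.
    for body in STREAM_RE.findall(data):
        try:
            found |= _names(zlib.decompressobj().decompress(body))
        except zlib.error:
            continue  # not Flate data (image, font, encrypted content)
    return {n.decode("ascii") for n in found}


def should_block_preview(data: bytes) -> bool:
    """Assumed policy: a PDF with a JavaScript action gets no inline preview."""
    return bool(active_pdf_names(data) & {"JS", "JavaScript"})


# Constructed sample inputs, not real attachments.
PLAIN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SCRIPTED = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\n"
            b"endobj\n3 0 obj\n<< /S /J#61vaScript /JS (placeholder) >>\nendobj\n")
HIDDEN = (b"%PDF-1.7\n5 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\n"
          b"stream\n" + zlib.compress(b"<< /S /JavaScript /JS (placeholder) >>")
          + b"\nendstream\nendobj\n")

if __name__ == "__main__":
    for label, pdf in (("plain", PLAIN), ("scripted", SCRIPTED), ("hidden", HIDDEN)):
        print(label, sorted(active_pdf_names(pdf)), should_block_preview(pdf))
```

The scan is a byte-level heuristic: it can flag a watched name that appears inside a text string, and it does not read encrypted PDFs or streams using filters other than Flate, so treat a clean result as "nothing found" rather than "safe".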

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-45207

Affected Products

Google Chrome
Zimbra Collaboration