CVE-2023-48432

Name of the Vulnerable Software and Affected Versions Zimbra Collaboration (ZCS) versions 8.8.15 through 10.0

Description An issue was discovered in Zimbra Collaboration, where XSS, with resultant session stealing, can occur via JavaScript code in a link within an email message. This happens when a victim clicks on the link within Zimbra webmail, specifically targeting a webmail redirection endpoint.

Recommendations For versions 8.8.15, 9.0, and 10.0, consider disabling JavaScript execution for links within email messages as a temporary workaround until a patch is available. Restrict access to webmail redirection endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.