PT-2024-31673 · Zimbra · Zimbra Webmail, Zimbra Collaboration, Zimbra Daffodil

Published: 2024-09-23 · Updated: 2025-06-11

CVE: CVE-2024-45514
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration (ZCS) versions prior to 10.1.1
Description: A Cross-Site Scripting (XSS) issue exists due to insufficient sanitization of the packages parameter in one of the endpoints of Zimbra Webmail. The endpoint's existing input check can be bypassed by supplying the dangerous characters in encoded form: the encoded value passes the check, and the value is later decoded and rendered, so an attacker can inject arbitrary JavaScript that executes in the victim's browser session. As the CVSS vector indicates, the attacker needs low-privileged access (PR:L) and the victim must be lured into opening a crafted link (UI:R); the scope change (S:C) reflects that the script runs in the victim's browser rather than on the server.
Recommendations: For versions prior to 10.1.1, update to the Zimbra Daffodil (v10.1.1) Patch Release, which resolves the Cross-Site Scripting (XSS) vulnerability. As a temporary workaround until the patch is applied, consider restricting access to the vulnerable endpoint in Zimbra Webmail (for example, to trusted networks only); verify first that the restriction does not break webmail functionality that depends on that endpoint.
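The following is an added illustration, not Zimbra's code and not a reproduction of the affected endpoint: a minimal Python model of the flaw class described above, where a character blocklist is applied to a query parameter while it is still percent-encoded, placed next to a hardened version that canonicalizes first, validates against an allowlist, and HTML-escapes on output. The parameter name `packages` is taken from the description; the sample values, the regex and the HTML context are constructed for the example.

```python
import re
from html import escape
from typing import Optional
from urllib.parse import unquote

# Constructed sample values for the "packages" parameter (not captured from Zimbra).
# The payload is URL-encoded: %3C = "<", %3E = ">", %20 = space, %3D = "=".
ENCODED_PAYLOAD = "%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E"
BENIGN_VALUE = "Mail,Calendar"

# Assumed allowlist for the parameter: comma-separated package names.
PACKAGE_LIST = re.compile(r"[A-Za-z0-9_]+(?:,[A-Za-z0-9_]+)*")


def blocklist_passes(raw_value: str) -> bool:
    """The weak check: looks for dangerous characters in the value as received,
    i.e. before percent-decoding, so encoded forms slip through."""
    return "<" not in raw_value and ">" not in raw_value


def vulnerable_render(raw_value: str) -> Optional[str]:
    """Models the flaw: check the encoded value, then decode it and interpolate
    the decoded text straight into the page. Returns None when rejected."""
    if not blocklist_passes(raw_value):
        return None
    decoded = unquote(raw_value)
    return f'<div class="packages">{decoded}</div>'


def hardened_render(raw_value: str) -> Optional[str]:
    """Canonicalize (decode) before validating, validate against an allowlist,
    and HTML-escape on output so any remaining metacharacter is inert."""
    decoded = unquote(raw_value)
    if not PACKAGE_LIST.fullmatch(decoded):
        return None
    return f'<div class="packages">{escape(decoded, quote=True)}</div>'


def escape_only_render(raw_value: str) -> str:
    """Output encoding without an allowlist: the payload is still reflected,
    but rendered as text rather than markup. Appropriate where free-form
    values are legitimate and an allowlist cannot be defined."""
    return f'<div class="packages">{escape(unquote(raw_value), quote=True)}</div>'


if __name__ == "__main__":
    print("literal '<' blocked:", vulnerable_render("<b>x</b>"))
    print("encoded bypass     :", vulnerable_render(ENCODED_PAYLOAD))
    print("hardened           :", hardened_render(ENCODED_PAYLOAD))
    print("escape only        :", escape_only_render(ENCODED_PAYLOAD))
```

The point the example makes is that a check must run on the same representation of the data that is later used: validating the encoded form and then decoding re-opens the hole. Decoding first, validating with an allowlist, and escaping for the output context closes it regardless of how the attacker encodes the input.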

Status: Fix available

Weakness Enumeration: XSS

Related Identifiers: CVE-2024-45514

Affected Products: Zimbra Collaboration, Zimbra Daffodil, Zimbra Webmail