PT-2024-31674 · Zimbra · Zimbra Daffodil
Published
2024-09-04
·
Updated
2025-07-30
·
CVE-2024-45515
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
Zimbra Daffodil version 10.1.1
Description:
A Cross-Site Scripting (XSS) issue was resolved due to inadequate validation of metadata's Content-Type when importing files into the briefcase.
Recommendations:
For Zimbra Daffodil version 10.1.1, update to the latest patch release to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zimbra Daffodil