CVE-2024-50599

Name of the Vulnerable Software and Affected Versions Zimbra Collaboration Suite version 8.8.15

Description A reflected Cross-Site Scripting (XSS) issue has been identified, arising from improper handling of user-supplied input. This allows an attacker to inject malicious code that is reflected back in the HTML response, affecting one of the webmail calendar endpoints. The vulnerability may enable a remote attacker to conduct a cross-site scripting (XSS) attack, potentially leading to data theft or account takeover.

Recommendations For Zimbra Collaboration Suite version 8.8.15, update the system to a patched version to mitigate the threats associated with this issue. As a temporary workaround, consider restricting access to the affected webmail calendar endpoint until a patch is available.