Persistent Cross-Site Scripting in Zimbra Collaboration by Zimbra

CVE-2019-8945

What is CVE-2019-8945?

Zimbra Collaboration versions 8.7.x through 8.8.11P2 are susceptible to a persistent cross-site scripting (XSS) vulnerability. This flaw allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to session hijacking, data theft, and unauthorized actions performed on behalf of users. Organizations using affected versions are advised to apply patches and implement security best practices to mitigate the risks associated with this vulnerability.

References