Cross-Site Scripting Vulnerability in Zimbra Collaboration Products
CVE-2023-45206

6.1MEDIUM

Key Information:

Vendor: Zimbra
Status: Collaboration
Vendor: CVE Published:; 13 February 2024

What is CVE-2023-45206?

A vulnerability identified in the Zimbra Collaboration Suite allows attackers to exploit the help document endpoint in webmail by injecting malicious JavaScript or HTML code. This can facilitate cross-site scripting (XSS) attacks, compromising user sessions and potentially leading to unauthorized actions. To mitigate this risk, it is essential to implement proper message handling and validate user input to prevent the execution of untrusted code.

References

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

https://wiki.zimbra.com/wiki/Security_Center

https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosur...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 13, 2024
Vulnerability Reserved
Oct 5, 2023