Stored Cross-Site Scripting Vulnerability in Zimbra Collaboration
CVE-2024-45194
Currently unrated
What is CVE-2024-45194?
In the Zimbra Collaboration Suite, versions 9.0 and 10.0, a stored Cross-Site Scripting (XSS) vulnerability exists in the Webmail Modern UI. This flaw permits an attacker with administrative access to the Zimbra Administration Panel to insert harmful JavaScript code during the configuration of an email account. The injected code is saved on the server and subsequently executed in the context of the victim's browser when they interact with particular elements of the web interface, potentially leading to unauthorized actions or data exposure. To mitigate this issue, it is imperative to sanitize input parameters effectively, thereby hindering the injection of malicious scripts.
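The mitigation described above, shown as an added example (this is not Zimbra code and does not come from the advisory): an administrator-supplied account value is validated when it is saved and HTML-encoded when it is rendered. The field name displayName, the allow-list policy and the sample records are assumptions made for illustration.

```javascript
// Added example. `displayName` is a hypothetical account field, not a Zimbra attribute.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Output encoding for an HTML text or quoted-attribute context.
// Applied on every render, because the stored value may predate any input check.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input validation at save time (assumed policy): letters, digits, spaces and
// a small punctuation set, 1 to 128 characters. Anything else is rejected
// rather than rewritten, so the administrator sees the failure.
const SAFE_TEXT = /^[\p{L}\p{N} .,_@'()\-]{1,128}$/u;

function validateAccountField(name, value) {
  if (typeof value !== 'string' || !SAFE_TEXT.test(value)) {
    return { ok: false, error: `${name}: rejected, characters outside the allow-list` };
  }
  return { ok: true, value };
}

// "Before": the stored value is concatenated straight into markup,
// so any tags it contains become part of the page.
function renderUnsafe(account) {
  return `<span class="account-name">${account.displayName}</span>`;
}

// "After": same template, stored value encoded before insertion.
function renderSafe(account) {
  return `<span class="account-name">${escapeHtml(account.displayName)}</span>`;
}

// Constructed sample records (not taken from any real system).
const benign = { displayName: "Ana O'Neil (Support)" };
const hostile = { displayName: '<img src=x onerror=alert(1)>' };

for (const account of [benign, hostile]) {
  const check = validateAccountField('displayName', account.displayName);
  console.log(check.ok ? 'accepted' : check.error);
  console.log('  unsafe:', renderUnsafe(account));
  console.log('  safe:  ', renderSafe(account));
}
```

Validation at save time keeps new hostile values out of storage; encoding at render time covers values that were stored before the check existed or that arrive through another path.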