Stored Cross-Site Scripting Vulnerability in Zimbra Webmail by Zimbra
CVE-2024-45510
Currently unrated
What is CVE-2024-45510?
A vulnerability in Zimbra Webmail (Modern UI) stems from improper sanitization of user input and allows stored Cross-Site Scripting (XSS) attacks. When an attacker crafts an email containing malicious code and the victim adds the attacker to their contacts, the script is stored and then executed when the contact list is viewed. This poses significant risks, enabling unauthorized actions such as sending emails without consent, exfiltrating mailbox contents, altering profile pictures, and conducting further malicious activities. Robust input sanitization and escaping are essential to safeguard against this type of vulnerability.
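The escaping measure described above, shown as an added example that is not Zimbra's code: a hypothetical contact-list renderer with the unescaped "before" form beside an output-encoded "after" form. The record fields (`name`, `email`), the function names and the sample contact are all assumptions constructed for illustration.

```javascript
// Added example: hypothetical contact-list renderer, not Zimbra code.

// Constructed sample: a contact record as it might be stored after a user
// adds the sender of a crafted email. Field names are assumptions.
const storedContact = {
  name: '<img src=x onerror=alert(1)>',
  email: 'sender@example.com" onmouseover="alert(1)',
};

// Encode the five characters that can change HTML parsing context.
// Suitable for element text and for quoted attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Conservative address check applied before the value is placed in a URL.
function isPlainEmail(value) {
  return /^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/.test(value);
}

// BEFORE: stored fields are concatenated into markup unchanged, so markup
// in the name and a quote in the address both reach the HTML parser.
function renderContactUnsafe(c) {
  return '<li><a href="mailto:' + c.email + '">' + c.name + '</a></li>';
}

// AFTER: validate the address, then escape every field at output time.
function renderContactSafe(c) {
  const name = escapeHtml(c.name);
  if (!isPlainEmail(c.email)) {
    // Do not build a link from an address that fails validation.
    return '<li>' + name + ' (invalid address)</li>';
  }
  return '<li><a href="' + escapeHtml('mailto:' + c.email) + '">' + name + '</a></li>';
}
```

Escaping at render time covers records that were stored before any input-side sanitization was introduced, which is why it is applied on output rather than only when the contact is saved.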