Reflected Cross-Site Scripting Vulnerability in Zimbra Collaboration
CVE-2024-45511

Currently unrated

Key Information:

Vendor: Zimbra

CVE Published: 20 November 2024

What is CVE-2024-45511?

An issue was identified in Zimbra Collaboration through version 10.1: a reflected Cross-Site Scripting (XSS) vulnerability in the Briefcase module. The flaw arises from insufficient sanitization of file content processed by the OnlyOffice formatter. Attackers can exploit it by crafting malicious URLs that target shared folders containing harmful files. When a victim interacts with such a URL, arbitrary JavaScript executes within the context of the user's session, potentially compromising sensitive information.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
