Cross-Site Scripting in Zimbra Collaboration Webmail
CVE-2024-45514
Currently unrated
What is CVE-2024-45514?
A Cross-Site Scripting vulnerability has been identified in Zimbra Collaboration Webmail, allowing attackers to exploit insufficient sanitization of the packages parameter. By leveraging encoded characters, an attacker can bypass existing security measures, injecting and executing arbitrary JavaScript code within a user's session. This issue impacts multiple versions of Zimbra, including v10.1, exposing users to potential session hijacking and unauthorized actions.