Cross-Site Scripting in Zimbra Collaboration Webmail

CVE-2024-45514

What is CVE-2024-45514?

A Cross-Site Scripting vulnerability has been identified in Zimbra Collaboration Webmail, allowing attackers to exploit insufficient sanitization of the packages parameter. By leveraging encoded characters, an attacker can bypass existing security measures, injecting and executing arbitrary JavaScript code within a user's session. This issue impacts multiple versions of Zimbra, including v10.1, exposing users to potential session hijacking and unauthorized actions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References