Cross-Site Scripting Vulnerability in Zimbra Collaboration by Zimbra
CVE-2024-45515
Currently unrated
What is CVE-2024-45515?
A Cross-Site Scripting (XSS) vulnerability has been identified in Zimbra Collaboration (ZCS) version 10.1, stemming from insufficient validation of content type metadata during the file import process in the webmail interface. By exploiting this security flaw, attackers can create a specially crafted file with altered metadata, which could enable them to bypass the necessary content type validation checks. This vulnerability poses a risk by allowing the execution of arbitrary JavaScript code within the context of a victim's session, potentially leading to unauthorized actions or data exposure.