Cross-Site Scripting Vulnerability in Zimbra Collaboration Webmail and Admin Panel
CVE-2024-45517
Currently unrated
What is CVE-2024-45517?
A Cross-Site Scripting vulnerability has been identified in Zimbra Collaboration, specifically within the /h/rest endpoint of both the webmail and admin panel interfaces. This vulnerability arises due to insufficient sanitization of user inputs, which means attackers can execute arbitrary JavaScript within the victim's session. Exploitation of this vulnerability necessitates user interaction, as users must be tricked into accessing a malicious URL to trigger the attack. This can potentially lead to the compromise of sensitive information, making it critical for users to remain vigilant regarding the links they click.