Stored Cross-Site Scripting Vulnerability in Zimbra Collaboration by Zimbra
CVE-2026-33370
6.1MEDIUM
What is CVE-2026-33370?
A stored cross-site scripting vulnerability was identified in the Zimbra Briefcase feature of Zimbra Collaboration (ZCS) versions 10.0 and 10.1. This issue arises from the inadequate sanitization of uploaded file types, allowing attackers to embed malicious scripts in files shared publicly. When an unsuspecting user opens such a file, the embedded JavaScript can execute within their session context. This exploitation can potentially facilitate unauthorized actions or data exfiltration from the affected user's account.