vulnerability
Zimbra Collaboration: CVE-2024-45512: Fixed a Stored Cross-Site Scripting (XSS) vulnerability.
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:M/Au:S/C:P/I:P/A:N) | Nov 21, 2024 | Jan 10, 2025 | Jul 17, 2025 |
Severity
5
CVSS
(AV:N/AC:M/Au:S/C:P/I:P/A:N)
Published
Nov 21, 2024
Added
Jan 10, 2025
Modified
Jul 17, 2025
Description
An issue was discovered in webmail in zimbra collaboration (zcs) through 10.1. an attacker can exploit this vulnerability by creating a folder in the briefcase module with a malicious payload and sharing it with a victim. when the victim interacts with the folder share notification, the malicious script executes in their browser. this stored cross-site scripting (xss) vulnerability can lead to unauthorized actions within the victim's session.
Solution
zimbra-collaboration-upgrade-latest
References
- CWE-79
- CVE-2024-45512
- https://attackerkb.com/topics/CVE-2024-45512
- URL-https://wiki.zimbra.com/wiki/Security_Center
- URL-https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes
- URL-https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes
- URL-https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes
- URL-https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.