CVE-2024-45516 – Zimbra Collaboration Classic UI Cross-Site Scripting Vulnerability

CVE ID : CVE-2024-45516

Published : May 14, 2025, 8:15 p.m. | 40 minutes ago

Description : An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Patch 43, 10.0.x before 10.0.12, 10.1.x before 10.1.4, and 8.8.15 before Patch 47. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the victim’s session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, including malformed tags with embedded JavaScript. The vulnerability is triggered when the victim views a specially crafted email in the Classic UI, causing the malicious script to execute. No further user interaction is required beyond viewing the email.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…