CVE-2024-45512

An issue was discovered in webmail in Zimbra Collaboration ZCS through 10.1. An attacker can exploit this vulnerability by creating a folder in the Briefcase module with a malicious payload and sharing it with a victim. When the victim interacts with the folder share notification, the malicious...

Zimbra Collaboration Server 10.0 < 10.0.9, 10.1.0 < 10.1.1 XSS

An issue was discovered in Zimbra Collaboration ZCS through 10.1. A reflected Cross-Site Scripting XSS issue exists through the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim opens a crafted URL pointing to a shared folder...

CVE-2024-45511

CVE-2024-45511 affects Zimbra Collaboration (ZCS) up to 10.1, via the Briefcase module. The root cause is improper sanitization of file contents by the OnlyOffice formatter, allowing a crafted URL to a shared folder containing a malicious file to execute arbitrary JavaScript in the victim’s sessi...

PT-2024-8655 · Zimbra · Zimbra Collaboration

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions through 10.1 Description: A reflected Cross-Site Scripting XSS issue exists in the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim opens ...

PT-2024-10389 · Zimbra · Zimbra Collaboration Suite

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite ZCS versions through 10.1 Description: The issue exists due to inadequate protection of the web page structure in the Briefcase Module of the Zimbra Collaboration Suite ZCS. An attacker can exploit this by creating ...