2 matches found
CVE-2024-27443
CVE-2024-27443 affects Zimbra Collaboration (ZCS) 9.0 and 10.0, with a cross-site scripting flaw in the CalendarInvite feature caused by improper input validation of the calendar header. An attacker can embed a payload in a crafted calendar header sent via email; when a recipient views the messag...
CVE-2024-27443
An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0. A Cross-Site Scripting XSS vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, because of improper input validation in the handling of the calendar header. An attacker can exploit this v...