#VU126624 Cross-site scripting in Zimbra Collaboration

 


Published: December 17, 2024 / Updated: April 21, 2026


Vulnerability identifier: #VU126624
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-79
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Zimbra Collaboration
Software vendor:
Synacor Inc.

Description

The vulnerability allows a remote attacker to execute arbitrary script in the victim's browser.

The vulnerability exists due to cross-site scripting in Zimbra Classic UI when rendering crafted HTML content. A remote attacker can send crafted HTML content to execute arbitrary script in the victim's browser.

Exploitation requires user interaction: the victim must view the crafted HTML content.


Remediation

Install the security update from the vendor's website.
