Zimbra Collaboration Suite Cross-Site Scripting Vulnerability
Release Date:
6 Oct 2025
6253
Views
RISK: High Risk
TYPE: Servers - Internet App Servers
A vulnerability has been identified in Zimbra Collaboration Suite. A remote attacker could exploit this vulnerability to trigger cross-site scripting on the targeted system.
Note:
Impact
- Cross-Site Scripting
System / Technologies affected
- Zimbra Collaboration Kepler prior to 9.0.0 P44
- Zimbra Collaboration Daffodil prior to 10.0.13
- Zimbra Collaboration Daffodil prior to 10.1.5
Solutions
Before installation of the software, please visit the vendor web-site for more details.
Apply fixes issued by the vendor:
- https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44#Security_Fixes
- https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13#Security_Fixes
- https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5#Security_Fixes
Vulnerability Identifier
Source
Related Link
- https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P44#Security_Fixes
- https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.13#Security_Fixes
- https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.5#Security_Fixes
- https://www.bleepingcomputer.com/news/security/hackers-exploited-zimbra-flaw-as-zero-day-using-icalendar-files/
Related Tags
Share with