An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when importing files into the briefcase. Attackers can exploit this issue by crafting a file with manipulated metadata, allowing them to bypass content type checks and execute arbitrary JavaScript within the victim's session.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/45xxx/CVE-2024-45515.json",
"cna_assigner": "mitre",
"unresolved_ranges": [
{
"extracted_events": [
{
"fixed": "10.1"
}
],
"source": "DESCRIPTION"
}
]
}{
"cpe": "cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "10.1.0"
}
],
"source": "CPE_RANGE"
}