Unrated severityNVD Advisory· Published Jul 30, 2025· Updated Jul 30, 2025

CVE-2024-45515

Description

An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when importing files into the briefcase. Attackers can exploit this issue by crafting a file with manipulated metadata, allowing them to bypass content type checks and execute arbitrary JavaScript within the victim's session.

Affected products

Zimbra/Collaborationdescription
Zimbra/Zimbra Collaboration (ZCS)llm-fuzzy
Range: <=10.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wiki.zimbra.com/wiki/Security_Centermitre
wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9mitre
wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policymitre
wiki.zimbra.com/wiki/Zimbra_Security_Advisoriesmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000