CVE-2026-33370 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Zimbra Briefcase feature du…
Medium CVSS: 6.1

CVE-2026-33370

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Zimbra Briefcase feature due to insufficient sanitization of specific uploaded file types. When a user opens a publicly shared Briefcase file containing malicious scripts, the embedded JavaScript executes in the context of the user's session. This allows an attacker to run arbitrary scripts, potentially leading to data exfiltration or other unauthorized actions on behalf of the victim user.
Vendor
Synacor
Product
Zimbra Collaboration Suite
CWE
CWE-79
Yayın Tarihi
2026-03-20 14:16:16
Güncelleme
2026-04-01 15:36:22
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-79 Zimbra Collaboration Suite MEDIUM Synacor 2026

Referanslar

https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.16#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories