A critical security flaw has been discovered in the Zimbra Collaboration Suite (ZCS), potentially allowing hackers to execute malicious JavaScript code.
This cross-site scripting (XSS) flaw, identified as CVE-2024-33533, has been found in the Zimbra webmail admin interface. The vulnerability arises from inadequate input validation, which permits attackers to inject harmful scripts into the application.
https://cybersecuritynews.com/zimbra-xs ... lows-code/