{
  "id": "CVE-2024-45511",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-11-20T19:15:06.123",
  "lastModified": "2024-11-20T19:15:06.123",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A reflected Cross-Site Scripting (XSS) issue exists through the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim opens a crafted URL pointing to a shared folder containing a malicious file uploaded by the attacker. The vulnerability allows the attacker to execute arbitrary JavaScript in the context of the victim's session."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://wiki.zimbra.com/wiki/Security_Center",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy",
      "source": "cve@mitre.org"
    }
  ]
}