CVE-2025-48700 – Zimbra Collaboration Cross-Site Scripting (XSS) Vulnerability

June 23, 2025

CVE ID : CVE-2025-48700

Published : June 23, 2025, 3:15 p.m. | 3 hours, 9 minutes ago

Description : An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user’s session, potentially leading to unauthorized access to sensitive information. This issue arises from insufficient sanitization of HTML content, specifically involving crafted tag structures and attribute values that include an @import directive and other script injection vectors. The vulnerability is triggered when a user views a crafted e-mail message in the Classic UI, requiring no additional user interaction.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-52875 – JetBrains TeamCity DOM-Based XSS

Next Article CVE-2025-46101 – Beakon Software Beakon Learning Management System SCORM SQL Injection

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

@ts-ignore is almost always the worst option

@ts-ignore is almost always the worst option

MutativeJS v1.3.0 is out with massive performance gains

Student Performance Prediction System using Python Machine Learning (ML)

DistroWatch Weekly, Issue 1140

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Hyprland Made Easy: Preconfigured Beautiful Distros

CVE-2025-48700 – Zimbra Collaboration Cross-Site Scripting (XSS) Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Using Large Language Models on Amazon Bedrock for multi-step task execution

RLHF 101: A Technical Tutorial on Reinforcement Learning from Human Feedback

CodeSOD: What a CAD

CVE-2025-4700 – GitLab CE/EE Cross-Site Scripting Vulnerability

CVE-2023-44753 – Student Management System Stored Cross-Site Scripting Vulnerability

Google AI Introduce the Articulate Medical Intelligence Explorer (AMIE): A Large Language Model Optimized for Diagnostic Reasoning, and Evaluate its Ability to Generate a Differential Diagnosis

ClangFormat – code formatting tool

CVE-2025-48259 – Juan Carlos WP Mapa Politico España CSRF

CVE-2025-48700 – Zimbra Collaboration Cross-Site Scripting (XSS) Vulnerability

Related Posts