An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A cross-site request forgery (CSRF) vulnerability exists in Zimbra Webmail due to improper validation of CSRF tokens. The application accepts CSRF tokens supplied within the request body instead of requiring them through the expected request header. An attacker can exploit this issue by tricking an authenticated user into submitting a crafted request. This may allow unauthorized actions to be performed on behalf of the victim.
Add your gear to cvedb and we'll alert you only when synacor ships something exploited.
Check my exposure →This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.