Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. When using preauth, CSRF tokens are not checked on some POST endpoints. Thus, when an authenticated user views an attacker-controlled page, a request will be sent to the application that appears to be intended. The CSRF token is omitted from the request, but the request still succeeds.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Zimbra Collaboration Suite 跨站请求伪造漏洞
Vulnerability Description
Zimbra Collaboration Suite(ZCS)是美国Synacor的一款开源协同办公套件。该产品包括WebMail、日历、通信录等。 Zimbra Collaboration Suite (ZCS) 8.8.15版本、9.0版本存在跨站请求伪造漏洞,该漏洞源于在使用 preauth 时,不会在某些 POST 端点上检查跨站请求伪造令牌。
CVSS Information
N/A
Vulnerability Type
N/A