Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-27915 PoC — Zimbra Collaboration Server 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-27915.yaml
Associated Vulnerability
Title:Zimbra Collaboration Server 安全漏洞 (CVE-2025-27915)
Description:Zimbra Collaboration Server(ZCS)是Zimbra公司的一套电子邮件和协作解决方案。该方案提供电子邮件、联系人、日历、文件共享、社交网络等功能。 Zimbra Collaboration Server 9.0版本、10.0版本和10.1版本存在安全漏洞,该漏洞源于Classic Web Client对ICS文件中的HTML内容清理不足,可能导致存储型跨站脚本攻击。
Description
Detects Zimbra Collaboration Suite versions vulnerable to CVE-2025-27915, a stored XSS vulnerability in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an email with a malicious ICS entry, embedded JavaScript executes via an ontoggle event inside a details tag, allowing attackers to perform unauthorized actions like email redirection and data exfiltration.
File Snapshot

 id: CVE-2025-27915

info:
  name: Zimbra - Cross-Site Scripting via ICS Files
  author: Snbig,EhsanC

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.