CVE-2024-45194: n/a
In Zimbra Collaboration (ZCS) 9.0 and 10.0, a vulnerability in the Webmail Modern UI allows execution of stored Cross-Site Scripting (XSS) payloads. An attacker with administrative access to the Zimbra Administration Panel can inject malicious JavaScript code while configuring an email account. This injected code is stored on the server and executed in the context of the victim's browser when interacting with specific elements in the web interface. (The vulnerability can be mitigated by properly sanitizing input parameters to prevent the injection of malicious code.)
AI Analysis
Technical Summary
CVE-2024-45194 is a stored Cross-Site Scripting (XSS) vulnerability identified in Zimbra Collaboration Suite (ZCS) versions 9.0 and 10.0, specifically within the Webmail Modern UI. The vulnerability arises because the application fails to properly sanitize input parameters when an administrator configures email accounts via the Zimbra Administration Panel. This flaw allows an attacker with administrative access to inject malicious JavaScript code that is persistently stored on the server. When legitimate users interact with specific elements of the web interface, the malicious script executes in their browser context, potentially leading to session hijacking, credential theft, or unauthorized actions performed on behalf of the user. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation). Exploitation requires administrative privileges, which limits the attack surface, and user interaction is necessary to trigger the payload. The CVSS v3.1 base score is 4.8 (medium severity), reflecting network attack vector, low attack complexity, high privileges required, and user interaction needed. Currently, there are no known exploits in the wild, and no official patches have been linked yet. Mitigation involves implementing proper input validation and sanitization to prevent injection of malicious scripts during account configuration.
Potential Impact
The primary impact of CVE-2024-45194 is on the confidentiality and integrity of user sessions within affected Zimbra Collaboration environments. Successful exploitation could allow attackers to execute arbitrary JavaScript in the context of users' browsers, potentially leading to theft of session cookies, credentials, or other sensitive information. It may also enable attackers to perform unauthorized actions on behalf of users, such as sending emails or modifying account settings. Although availability is not directly affected, the compromise of user accounts or administrative functions could lead to broader operational disruptions. Since exploitation requires administrative access, the threat is more significant in environments where administrative credentials are weakly protected or compromised. Organizations with large deployments of Zimbra Collaboration, especially those with many users relying on the Webmail Modern UI, face increased risk of lateral movement or privilege escalation if this vulnerability is exploited. The absence of known exploits reduces immediate risk but does not eliminate the potential for targeted attacks, especially in high-value environments.
Mitigation Recommendations
1. Restrict and monitor administrative access to the Zimbra Administration Panel using strong authentication methods such as multi-factor authentication (MFA) and strict access controls.
2. Implement robust input validation and sanitization on all parameters accepted during email account configuration to prevent injection of malicious scripts.
3. Regularly audit and review administrative actions and configurations for suspicious or unauthorized changes.
4. Apply security updates and patches from Zimbra as soon as they become available to address this vulnerability.
5. Employ Content Security Policy (CSP) headers in the webmail interface to limit the execution of unauthorized scripts.
6. Educate administrators about the risks of XSS and the importance of secure configuration practices.
7. Monitor web traffic and logs for unusual activity that could indicate exploitation attempts.
8. Consider isolating or segmenting the Zimbra administration interface from general user access to reduce exposure.
Affected Countries
United States, Germany, United Kingdom, France, Canada, Australia, India, Japan, Brazil, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-08-22T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6ceab7ef31ef0b56a328
Added to database: 2/25/2026, 9:43:06 PM
Last enriched: 2/26/2026, 8:09:25 AM
Last updated: 4/12/2026, 3:34:07 PM