CVE-2024-45512: n/a
CVE-2024-45512 is a stored Cross-Site Scripting (XSS) vulnerability in the Briefcase module of Zimbra Collaboration Suite (ZCS) webmail through version 10.1. An attacker can create a folder containing malicious script payloads and share it with a victim. When the victim interacts with the folder share notification, the malicious script executes in their browser context, potentially allowing unauthorized actions within the victim's session. This vulnerability requires the attacker to have limited privileges to create and share folders and requires user interaction to trigger the exploit. The vulnerability impacts confidentiality and integrity but not availability. No known exploits are currently reported in the wild. The CVSS v3.1 base score is 6.1, indicating a medium severity level.
AI Analysis
Technical Summary
CVE-2024-45512 is a stored Cross-Site Scripting (XSS) vulnerability identified in the Briefcase module of Zimbra Collaboration Suite (ZCS) webmail versions up to 10.1. The vulnerability arises because the application insufficiently sanitizes or encodes user-supplied input when creating folders that are then shared with other users. An attacker with the ability to create a folder can embed malicious JavaScript code within the folder's metadata or name. When the victim receives a folder share notification and interacts with it, the malicious script executes in the victim's browser under the context of the Zimbra webmail session. This script execution can lead to unauthorized actions such as session hijacking, performing actions on behalf of the victim, or stealing sensitive information accessible within the session. The attack requires the attacker to have at least limited privileges to create and share folders and requires the victim to interact with the notification, making exploitation moderately complex. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation). The CVSS v3.1 score of 6.1 reflects a medium severity, with network attack vector, low attack complexity, requiring privileges and user interaction, and impacts on confidentiality and integrity but not availability. No patches or known exploits are currently reported, indicating the vulnerability is newly disclosed and may not yet be widely exploited.
Potential Impact
This vulnerability can lead to unauthorized actions within a victim's Zimbra webmail session, including potential session hijacking, data theft, or manipulation of mailbox contents. Organizations using affected Zimbra versions risk compromise of user accounts and sensitive email data if attackers exploit this vulnerability. Since Zimbra is widely used in enterprise and government environments for collaboration and email, exploitation could lead to data breaches, loss of trust, and operational disruption. The requirement for user interaction and limited privileges reduces the likelihood of automated mass exploitation, but targeted attacks against high-value users remain a concern. The vulnerability affects the confidentiality and integrity of user data but does not impact system availability. Organizations with large deployments of Zimbra Collaboration Suite, especially those with high-value targets such as government agencies, financial institutions, and large enterprises, face increased risk.
Mitigation Recommendations
Organizations should immediately review their Zimbra Collaboration Suite deployments and upgrade to a patched version once available from the vendor. In the absence of an official patch, administrators should consider disabling the Briefcase module or restricting folder sharing capabilities to trusted users only. Implementing strict input validation and output encoding on folder names and metadata can help mitigate the risk. Additionally, educating users to be cautious when interacting with unexpected folder share notifications can reduce successful exploitation. Deploying Content Security Policy (CSP) headers to restrict script execution sources in the webmail interface can provide an additional layer of defense. Monitoring logs for unusual folder creation and sharing activities may help detect attempted exploitation. Finally, applying multi-factor authentication (MFA) can limit the impact of session hijacking attempts.
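The output-encoding and CSP mitigations above, as an added example that is not Zimbra's code: a folder-share notification template rendered first without and then with HTML encoding of the attacker-controlled folder name, plus a check for a CSP that still permits inline script. The share object, its field names and the sample folder name are constructed for illustration.

```javascript
// Added example (not Zimbra's code): rendering a Briefcase folder-share
// notification, first as unsafe string concatenation, then with output
// encoding applied to every user-controlled field.

// Minimal HTML entity encoder for text placed inside element content or
// double-quoted attribute values.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: the attacker-controlled folder name is interpolated
// verbatim, so any markup in it becomes part of the notification DOM.
function renderShareNotificationUnsafe(share) {
  return '<div class="share-notice">' +
    share.owner + ' shared the folder "' + share.folderName + '" with you' +
    '</div>';
}

// Hardened pattern: every user-supplied field is encoded on output, so the
// same input is displayed as literal text instead of being parsed as HTML.
function renderShareNotificationSafe(share) {
  return '<div class="share-notice">' +
    escapeHtml(share.owner) + ' shared the folder "' +
    escapeHtml(share.folderName) + '" with you</div>';
}

// Defense in depth: the webmail CSP should not permit inline script. Returns
// true when script-src (or the default-src fallback) lists 'unsafe-inline',
// or when the policy does not restrict scripts at all.
function cspAllowsInlineScript(policy) {
  const directives = policy.split(';').map(d => d.trim()).filter(Boolean);
  const scriptSrc = directives.find(d => d.startsWith('script-src ')) ||
    directives.find(d => d.startsWith('default-src '));
  if (!scriptSrc) return true;
  return scriptSrc.split(/\s+/).slice(1).includes("'unsafe-inline'");
}

// Constructed sample share whose folder name carries a script tag (hypothetical
// field names; not the real Zimbra share structure).
const sampleShare = {
  owner: 'alice@example.com',
  folderName: '<script>alert(1)</script>',
};
```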
Affected Countries
United States, United Kingdom, Germany, France, Canada, Australia, India, Japan, South Korea, Brazil
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2024-09-01T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6cefb7ef31ef0b56a4bb
Added to database: 2/25/2026, 9:43:11 PM
Last enriched: 2/26/2026, 8:15:38 AM
Last updated: 2/26/2026, 8:50:34 AM