What is the severity of CVE-2023-48432?

CVE-2023-48432 has a severity rating of medium due to the potential for XSS attacks and session stealing.

How do I fix CVE-2023-48432?

To fix CVE-2023-48432, apply the security patches provided for Zimbra Collaboration versions 8.8.15, 9.0, and 10.0.

What systems are affected by CVE-2023-48432?

CVE-2023-48432 affects Zimbra Collaboration system versions 8.8.15, 9.0, and 10.0 up to version 10.0.6.

Can CVE-2023-48432 be exploited via email?

Yes, CVE-2023-48432 can be exploited through malicious JavaScript code in links within email messages.

Is user interaction required for CVE-2023-48432 exploitation?

Yes, exploitation of CVE-2023-48432 requires user interaction, as the victim must click on the malicious link.

Vulnerability/
CVE-2023-48432

medium

6.1

CWE

13/2/2024

25/3/2025

CVE-2023-48432: XSS

First published: Tue Feb 13 2024(Updated: )

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link (for a webmail redirection endpoint) within en email message, e.g., if a victim clicks on that link within Zimbra webmail.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
	>=10.0.0<10.0.6
	=8.8.15
	=8.8.15-p1
	=8.8.15-p10
	=8.8.15-p11
	=8.8.15-p12
	=8.8.15-p13
	=8.8.15-p14
	=8.8.15-p15
	=8.8.15-p16
	=8.8.15-p17
	=8.8.15-p18
	=8.8.15-p19
	=8.8.15-p2
	=8.8.15-p20
	=8.8.15-p21
	=8.8.15-p22
	=8.8.15-p23
	=8.8.15-p24
	=8.8.15-p25
	=8.8.15-p26
	=8.8.15-p27
	=8.8.15-p28
	=8.8.15-p29
	=8.8.15-p3
	=8.8.15-p30
	=8.8.15-p31
	=8.8.15-p32
	=8.8.15-p33
	=8.8.15-p34
	=8.8.15-p35
	=8.8.15-p37
	=8.8.15-p4
	=8.8.15-p40
	=8.8.15-p41
	=8.8.15-p42
	=8.8.15-p43
	=8.8.15-p44
	=8.8.15-p5
	=8.8.15-p6
	=8.8.15-p7
	=8.8.15-p8
	=8.8.15-p9
	=9.0.0
	=9.0.0-p0
	=9.0.0-p1
	=9.0.0-p10
	=9.0.0-p11
	=9.0.0-p12
	=9.0.0-p13
	=9.0.0-p14
	=9.0.0-p15
	=9.0.0-p16
	=9.0.0-p19
	=9.0.0-p2
	=9.0.0-p20
	=9.0.0-p21
	=9.0.0-p23
	=9.0.0-p24
	=9.0.0-p24.1
	=9.0.0-p25
	=9.0.0-p26
	=9.0.0-p27
	=9.0.0-p3
	=9.0.0-p33
	=9.0.0-p34
	=9.0.0-p35
	=9.0.0-p36
	=9.0.0-p37
	=9.0.0-p4
	=9.0.0-p5
	=9.0.0-p6
	=9.0.0-p7
	=9.0.0-p7.1
	=9.0.0-p8
	=9.0.0-p9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-48432?
CVE-2023-48432 has a severity rating of medium due to the potential for XSS attacks and session stealing.
How do I fix CVE-2023-48432?
To fix CVE-2023-48432, apply the security patches provided for Zimbra Collaboration versions 8.8.15, 9.0, and 10.0.
What systems are affected by CVE-2023-48432?
CVE-2023-48432 affects Zimbra Collaboration system versions 8.8.15, 9.0, and 10.0 up to version 10.0.6.
Can CVE-2023-48432 be exploited via email?
Yes, CVE-2023-48432 can be exploited through malicious JavaScript code in links within email messages.
Is user interaction required for CVE-2023-48432 exploitation?
Yes, exploitation of CVE-2023-48432 requires user interaction, as the victim must click on the malicious link.

agent/references
agent/author
agent/weakness
agent/description
agent/first-publish-date
agent/type
agent/severity
agent/source
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/zimbra
canonical/zimbra collaboration suite
version/zimbra collaboration suite/10.0.0
version/zimbra collaboration suite/8.8.15
version/zimbra collaboration suite/8.8.15-p1
version/zimbra collaboration suite/8.8.15-p10
version/zimbra collaboration suite/8.8.15-p11
version/zimbra collaboration suite/8.8.15-p12
version/zimbra collaboration suite/8.8.15-p13
version/zimbra collaboration suite/8.8.15-p14
version/zimbra collaboration suite/8.8.15-p15
version/zimbra collaboration suite/8.8.15-p16
version/zimbra collaboration suite/8.8.15-p17
version/zimbra collaboration suite/8.8.15-p18
version/zimbra collaboration suite/8.8.15-p19
version/zimbra collaboration suite/8.8.15-p2
version/zimbra collaboration suite/8.8.15-p20
version/zimbra collaboration suite/8.8.15-p21
version/zimbra collaboration suite/8.8.15-p22
version/zimbra collaboration suite/8.8.15-p23
version/zimbra collaboration suite/8.8.15-p24
version/zimbra collaboration suite/8.8.15-p25
version/zimbra collaboration suite/8.8.15-p26
version/zimbra collaboration suite/8.8.15-p27
version/zimbra collaboration suite/8.8.15-p28
version/zimbra collaboration suite/8.8.15-p29
version/zimbra collaboration suite/8.8.15-p3
version/zimbra collaboration suite/8.8.15-p30
version/zimbra collaboration suite/8.8.15-p31
version/zimbra collaboration suite/8.8.15-p32
version/zimbra collaboration suite/8.8.15-p33
version/zimbra collaboration suite/8.8.15-p34
version/zimbra collaboration suite/8.8.15-p35
version/zimbra collaboration suite/8.8.15-p37
version/zimbra collaboration suite/8.8.15-p4
version/zimbra collaboration suite/8.8.15-p40
version/zimbra collaboration suite/8.8.15-p41
version/zimbra collaboration suite/8.8.15-p42
version/zimbra collaboration suite/8.8.15-p43
version/zimbra collaboration suite/8.8.15-p44
version/zimbra collaboration suite/8.8.15-p5
version/zimbra collaboration suite/8.8.15-p6
version/zimbra collaboration suite/8.8.15-p7
version/zimbra collaboration suite/8.8.15-p8
version/zimbra collaboration suite/8.8.15-p9
version/zimbra collaboration suite/9.0.0
version/zimbra collaboration suite/9.0.0-p0
version/zimbra collaboration suite/9.0.0-p1
version/zimbra collaboration suite/9.0.0-p10
version/zimbra collaboration suite/9.0.0-p11
version/zimbra collaboration suite/9.0.0-p12
version/zimbra collaboration suite/9.0.0-p13
version/zimbra collaboration suite/9.0.0-p14
version/zimbra collaboration suite/9.0.0-p15
version/zimbra collaboration suite/9.0.0-p16
version/zimbra collaboration suite/9.0.0-p19
version/zimbra collaboration suite/9.0.0-p2
version/zimbra collaboration suite/9.0.0-p20
version/zimbra collaboration suite/9.0.0-p21
version/zimbra collaboration suite/9.0.0-p23
version/zimbra collaboration suite/9.0.0-p24
version/zimbra collaboration suite/9.0.0-p24.1
version/zimbra collaboration suite/9.0.0-p25
version/zimbra collaboration suite/9.0.0-p26
version/zimbra collaboration suite/9.0.0-p27
version/zimbra collaboration suite/9.0.0-p3
version/zimbra collaboration suite/9.0.0-p33
version/zimbra collaboration suite/9.0.0-p34
version/zimbra collaboration suite/9.0.0-p35
version/zimbra collaboration suite/9.0.0-p36
version/zimbra collaboration suite/9.0.0-p37
version/zimbra collaboration suite/9.0.0-p4
version/zimbra collaboration suite/9.0.0-p5
version/zimbra collaboration suite/9.0.0-p6
version/zimbra collaboration suite/9.0.0-p7
version/zimbra collaboration suite/9.0.0-p7.1
version/zimbra collaboration suite/9.0.0-p8
version/zimbra collaboration suite/9.0.0-p9