Force the server to send requests to arbitrary domains or internal hosts.
Disclaimer: The information in this article is based on publicly available data from 2020-2026. Always consult official Zimbra security advisories for the most up-to-date information. cve20207796 zimbra collaboration suite full
While some sources list a 6.8 medium severity, deeper analysis indicates a potential for critical impact (CVSS 9.8) if it allows full read/write access to internal services. Potential Impact Force the server to send requests to arbitrary
The application fails to properly sanitize or validate the URLs provided to the JSP component of this Zimlet. While some sources list a 6
To secure the environment, administrators should prioritize the following actions: Update Software:
The malicious script runs, allowing the attacker to steal session cookies, hijack the user's account, or redirect the user to a phishing site. Potential Impact on Organizations