An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a <details> tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration.

Active exploitation has been observed for this cross-site scripting flaw. Urgent patching is recommended

According to its banner, the version of Zimbra Collaboration running on the remote host is 10.0.x prior to 10.0.13 or 10.1.x prior to 10.1.5. It is, therefore, affected by a Stored Cross-Site Scripting (XSS) vulnerability due to insufficient sanitization of HTML content in ICS files.

Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number.

According to its self-reported version number, Zimbra Collaboration Server is affected by the following vulnerability including:A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML. Using a specifically crafted email, a attacker can run embedded JavaScript to run arbitrary JavaScript within the victim's session, performing unauthorized actions on the victim's account, including e-mail redirection, data exfiltration, or malware installation.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
115005	Zimbra Collaboration 10.0.x < 10.0.13 Stored Cross-Site Scripting	Web App Scanning	Component Vulnerability	medium
115004	Zimbra Collaboration 10.1.x < 10.1.5 Stored Cross-Site Scripting	Web App Scanning	Component Vulnerability	medium
269804	Zimbra Collaboration Server 9.x < 9.0.0 Patch 39, 10.0.x < 10.0.13, 10.1.x < 10.1.5 XSS	Nessus	CGI abuses	medium

Detections

Analytics

CVE-2025-27915

medium

Tenable Plugins

medium

medium

medium