Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) prior to 8.5 allow remote malicious users to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zimbra zimbra collaboration server |