Full ^hot^ | Cve20207796 Zimbra Collaboration Suite

Once the user clicks the link, the XSS payload executes in their browser, with full access to:

She decides to test on a staging clone.

In some scenarios, it may be possible to steal login credentials or inject malware through chained exploits. Current Threat Status cve20207796 zimbra collaboration suite full

Before diving into the details, here is a quick overview of the key attributes of CVE-2020-7796: Once the user clicks the link, the XSS

CVE-2020-7796 is a critical Server-Side Request Forgery (SSRF) Once the user clicks the link

file=../../../../../../../../opt/zimbra/bin/zmcontrol&cmd=status&ext=foo

The vulnerability impacts . Remediation and Mitigation