CVE-2020-7796 is a critical vulnerability in the Zimbra Collaboration Suite, which allows an attacker to inject arbitrary JavaScript code into the application. The vulnerability exists due to inadequate input validation in the Zimbra web application, specifically in the handling of autocomplete results. This flaw enables an attacker to craft a malicious request that injects JavaScript code, potentially leading to the theft of sensitive user data, session hijacking, or other malicious activities.
The flaw resides in how the servlet validates (or fails to validate) the file parameter. In a typical request:
The ProxyServlet blindly follows the target parameter, ignoring host restrictions. It returns the login page of the Admin Console.