Conversation
AttackerKB
attackerkb
New assessment for topic: CVE-2025-32354
Topic description: "In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint (/service/extension/graphql) of Zimbra webmail due to a lack of CSRF token validation ..."
"On the 17th December 2024, Zimbra released an [advisory](https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.4#Security_Fixes) warning that Zimbra versions before `10.1.4` were susceptible to Cross-Site Request Forgery (CSRF) attacks on an exposed GraphQL endpoint ..."
Link: https://attackerkb.com/assessments/48571868-d8f5-4408-8e24-b7ccec2ef7e3
Topic description: "In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint (/service/extension/graphql) of Zimbra webmail due to a lack of CSRF token validation ..."
"On the 17th December 2024, Zimbra released an [advisory](https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.4#Security_Fixes) warning that Zimbra versions before `10.1.4` were susceptible to Cross-Site Request Forgery (CSRF) attacks on an exposed GraphQL endpoint ..."
Link: https://attackerkb.com/assessments/48571868-d8f5-4408-8e24-b7ccec2ef7e3
0
0
0