CVE-2022-41351: 
Zimbra Collaboration Server vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability was discovered in Zimbra Collaboration Suite (ZCS) 8.8.15, specifically at the URL /h/calendar. The vulnerability allows attackers to trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string instead of its default value of 10 (CVE Mitre, Zimbra Wiki).

The vulnerability exists in the calendar component of the webmail interface, where insufficient input validation allows manipulation of the view and uncheck parameters. The CVSS score indicates a medium severity level of 6.1, suggesting moderate impact with some complexity in exploitation (Zimbra Wiki).

When successfully exploited, the vulnerability allows attackers to execute arbitrary JavaScript code in the context of the victim's browser session. This could potentially lead to information disclosure and unauthorized actions within the user's session (Zimbra Wiki).

The vulnerability has been fixed in subsequent patches. Organizations running affected versions should upgrade to the patched version 8.8.15 Patch 34 or later to mitigate this security issue (Zimbra Wiki).