CVE-2023-43102: 
Zimbra Collaboration Server vulnerability analysis and mitigation

A cross-site scripting (XSS) vulnerability was discovered in Zimbra Collaboration (ZCS) before version 10.0.4, identified as CVE-2023-43102. The vulnerability was disclosed and fixed in September 2023, affecting multiple versions of the software including versions before 10.0.4. The issue has also been addressed in 8.8.15 Patch 43 and 9.0.0 Patch 36. This vulnerability impacts the Zimbra Collaboration Suite's webmail system (Zimbra Security, CVE Details).

The vulnerability is classified as a cross-site scripting (XSS) issue that can be exploited to gain unauthorized access to an authenticated user's mailbox. The CVSS v3.1 base score for this vulnerability is 6.1 (MEDIUM), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction (NVD).

When successfully exploited, this vulnerability allows an attacker to gain access to the mailbox of an authenticated user. This could lead to unauthorized access to sensitive email communications and personal information stored in the affected user's mailbox (Zimbra Advisories).

The vulnerability has been fixed in Zimbra Collaboration version 10.0.4 and is also addressed in 8.8.15 Patch 43 and 9.0.0 Patch 36. Organizations running affected versions should upgrade to these patched versions to mitigate the risk (Zimbra Security).

The vulnerability was reported by Florian Klaar, and Zimbra responded by releasing patches across multiple version branches to address the issue. The fix was part of a broader security update that addressed multiple vulnerabilities in the Zimbra Collaboration Suite (Zimbra Advisories).