CVE-2015-6541 : Multiple CSRF in Zimbra Mail interface

Posted by Sysdream Labs on Feb 25

======================================
Multiple CSRF in Zimbra Mail interface
======================================

CVE-2015-6541

Description
===========

Multiple CSRF vulnerabilities have been found in the Mail interface of
Zimbra 8.0.9 GA Release, allowing account preferences such as e-mail
forwarding to be changed.

CSRF
====

Forms in the preferences part of old releases of Zimbra are vulnerable
to CSRF because of the lack of a CSRF token…
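
As an added illustration (not part of the original advisory and not
Zimbra's code), the example below contrasts a preferences handler that
trusts the session cookie alone with one that also requires a per-session
CSRF token. The handler names, the form fields (forward_to, csrf_token)
and the session id are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Hypothetical names throughout (forward_to, csrf_token); not Zimbra's API.
# Constructed server-side secret; a real deployment loads it from protected config.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Derive a token bound to the session; embedded in every preferences form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def token_is_valid(session_id: str, submitted) -> bool:
    """Constant-time check that the submitted token belongs to this session."""
    if not isinstance(submitted, str) or not submitted:
        return False
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(expected.encode(), submitted.encode())


def set_forwarding_unprotected(prefs: dict, session_id: str, form: dict) -> int:
    """'Before' behaviour: the session cookie alone authorises the change."""
    prefs[session_id] = form["forward_to"]
    return 200


def set_forwarding_protected(prefs: dict, session_id: str, form: dict) -> int:
    """'After' behaviour: the change also needs the per-session token."""
    if not token_is_valid(session_id, form.get("csrf_token")):
        return 403  # cross-site form post: cookie present, token absent or wrong
    prefs[session_id] = form["forward_to"]
    return 200


def demo() -> dict:
    """Send a token-less (cross-site style) and a genuine request to the handlers."""
    sid = "constructed-session-id"
    forged = {"forward_to": "other@example.org"}
    genuine = {"forward_to": "me@example.org", "csrf_token": issue_csrf_token(sid)}
    open_prefs, guarded_prefs = {}, {}
    return {
        "unprotected_forged": set_forwarding_unprotected(open_prefs, sid, forged),
        "protected_forged": set_forwarding_protected(guarded_prefs, sid, forged),
        "protected_genuine": set_forwarding_protected(guarded_prefs, sid, genuine),
        "open_prefs": open_prefs,
        "guarded_prefs": guarded_prefs,
    }
```

Calling demo() shows the token-less request changing the forwarding
address in the unprotected handler and being rejected with 403 in the
protected one.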
