Posted by Sysdream Labs on Jan 12
# CVE-2016-3403: Multiple CSRF in Zimbra Administration interface
## Description
Multiple CSRF vulnerabilities have been found in the administration
interface of Zimbra, making it possible, for example, to add, modify
and remove admin accounts.
## Vulnerability
Every form in the Administration part of Zimbra is vulnerable to CSRF
because of the lack of a CSRF token identifying a valid session. As a
consequence, requests can be forged and…