CVE-2020-7796 Zimbra Collaboration Suite Full Guide

Attackers exploit this by sending a crafted HTTP POST request containing a malicious URL payload to the vulnerable endpoint (typically involving files like httpPost.jsp). Because the application trusts input blindly, it processes the request and makes an outbound network connection to the targeted URL on behalf of the attacker.

The Threat Mechanism (SSRF)

/service/proxy?target=http://127.0.0.1:7071/service/admin/accounts

CVE-2020-27996 is a classic but powerful reflected XSS flaw in Zimbra Collaboration Suite, made severe due to Zimbra’s complex routing and proxy architecture. While its CVSS score is “Medium,” its real-world impact — especially when combined with CVE-2020-27995 — is . Administrators must patch immediately or apply strict URL filtering to prevent exploitation.

Once an administrative account is compromised, the attacker can gain control over the entire mail server.

Further technical details and patch instructions can be found on the NVD Detail Page (CVE-2020-7796 Detail - NVD) and the Red Hat Customer Portal.

: Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7.
