CVE-2018-6882

Published Mar 27, 2018

Last updated 16 days ago

Exploit known CVSS medium 6.1

Overview

Description: Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 2.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Known exploits

Data from CISA

Vulnerability name: Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
Exploit added on: Apr 19, 2022
Exploit action due: May 10, 2022
Required action: Apply updates per vendor instructions.

Weaknesses

nvd@nist.gov: CWE-79
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C57EE5B-88CB-4C0A-B36A-9EA6182D41A9",
            "versionEndExcluding": "8.7"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03F83226-BA97-4D17-9308-DE2705A37AC2"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B8555354-CE05-4A50-9DA6-F62F6A55AB12"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5064C2C1-605A-4B35-8940-C824DC989AAB"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29A9742A-ABE8-4307-995D-4EBBC9923D44"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7DB501C-E7C8-4D87-A2FE-DA52E1E66B39"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DE425FC-5201-4EAB-8B40-87DA0F3B2120"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "08B9ACD5-1463-4C2E-8B13-DE5F221BD1B6"
          },
          {
            "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA0DEB5B-4086-473F-BE7E-EE2BAECFA096"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Known exploits

Weaknesses

Social media

Configurations

References