Overview
- Description
- Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Known exploits
Data from CISA
- Vulnerability name
- Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
- Exploit added on
- Apr 19, 2022
- Exploit action due
- May 10, 2022
- Required action
- Apply updates per vendor instructions.
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6C57EE5B-88CB-4C0A-B36A-9EA6182D41A9",
"versionEndExcluding": "8.7"
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03F83226-BA97-4D17-9308-DE2705A37AC2"
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B8555354-CE05-4A50-9DA6-F62F6A55AB12"
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5064C2C1-605A-4B35-8940-C824DC989AAB"
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "29A9742A-ABE8-4307-995D-4EBBC9923D44"
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B7DB501C-E7C8-4D87-A2FE-DA52E1E66B39"
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8DE425FC-5201-4EAB-8B40-87DA0F3B2120"
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "08B9ACD5-1463-4C2E-8B13-DE5F221BD1B6"
},
{
"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA0DEB5B-4086-473F-BE7E-EE2BAECFA096"
}
],
"operator": "OR"
}
]
}
]