Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.8.0 Beta2 might allow remote attackers to inject arbitrary web script or HTML via vectors related to the "Show Snippet" functionality.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/archive/1/541661/100/0/threaded | |
| https://bugzilla.zimbra.com/show_bug.cgi?id=107925 | Permissions Required |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Patch Vendor Advisory |
| https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-001_zimbra_stored_xss.txt | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2018-01-16 19:29
Updated : 2024-02-28 16:04
NVD link : CVE-2017-8802
Mitre link : CVE-2017-8802
CVE.ORG link : CVE-2017-8802
JSON object : View
Products Affected
synocor
- zimbra_collaboration_suite
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')