An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginErrorCode parameter of the login url.
References
Link | Resource |
---|---|
https://wiki.zimbra.com/wiki/Security_Center | Release Notes Vendor Advisory |
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23 | Vendor Advisory |
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16 | Vendor Advisory |
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
https://wiki.zimbra.com/wiki/Security_Center | Release Notes Vendor Advisory |
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23 | Vendor Advisory |
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16 | Vendor Advisory |
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 06:12
Type | Values Removed | Values Added |
---|---|---|
References | () https://wiki.zimbra.com/wiki/Security_Center - Release Notes, Vendor Advisory | |
References | () https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23 - Vendor Advisory | |
References | () https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16 - Vendor Advisory | |
References | () https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories - Vendor Advisory |
Information
Published : 2021-07-02 19:15
Updated : 2024-11-21 06:12
NVD link : CVE-2021-35207
Mitre link : CVE-2021-35207
CVE.ORG link : CVE-2021-35207
JSON object : View
Products Affected
zimbra
- collaboration
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')