exploitDog

GHSA-m64q-8wxg-mfcp

Опубликовано: 13 окт. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 6.1

Описание

In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine.

In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine.

Ссылки

EPSS

Процентиль: 70%

0.00637

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-41349

CVSS3: 6.1

nvd

больше 3 лет назад

In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine.

EPSS

Процентиль: 70%

0.00637

Низкий

6.1 Medium

CVSS3

CVE ID

Дефекты

CWE-79