CVE-2018-14013

Опубликовано: 29 мая 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Средний

Описание

Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients.

Ссылки

http://packetstormsecurity.com/files/151472/Zimbra-Collaboration-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2019/Feb/3
Exploit
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/01/30/1
Exploit
Mailing List
http://www.securityfocus.com/bid/106787
Third Party Advisory
VDB Entry
https://bugzilla.zimbra.com/show_bug.cgi?id=109017
Issue Tracking
Third Party Advisory
https://bugzilla.zimbra.com/show_bug.cgi?id=109018
Issue Tracking
Third Party Advisory
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Vendor Advisory
http://packetstormsecurity.com/files/151472/Zimbra-Collaboration-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2019/Feb/3
Exploit
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/01/30/1
Exploit
Mailing List
http://www.securityfocus.com/bid/106787
Third Party Advisory
VDB Entry
https://bugzilla.zimbra.com/show_bug.cgi?id=109017
Issue Tracking
Third Party Advisory
https://bugzilla.zimbra.com/show_bug.cgi?id=109018
Issue Tracking
Third Party Advisory
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*

Версия до 8.7.11 (исключая)

cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*

Версия от 8.8.0 (включая) до 8.8.9 (исключая)

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:-:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p1:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p2:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p3:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p4:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p5:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p6:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:-:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p1:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p2:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p3:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p4:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p7:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.9:p8:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:-:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p2:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p3:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.10:p4:*:*:*:*:*:*

cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.11:-:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.41164

Средний

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-437w-56m7-gqfx