CVE-2023-50808

Опубликовано: 13 фев. 2024

Источник: nvd

CVSS3: 6.1

CVSS3: 9.1

EPSS Низкий

Описание

Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI.

Ссылки

https://wiki.zimbra.com/wiki/Security_Center
Release Notes
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P38
Release Notes
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Vendor Advisory
https://wiki.zimbra.com/wiki/Security_Center
Release Notes
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P38
Release Notes
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*

Версия до 9.0.0 (исключая)

cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p16:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p20:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p21:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p24:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p30:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p31:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p32:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p33:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p34:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p35:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p36:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p37:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p38:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:*

cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.0053

Низкий

6.1 Medium

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-79

CWE-94

Связанные уязвимости

GHSA-4p3v-h475-6j2m

CVSS3: 9.1

github

почти 2 года назад

Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI.

EPSS

Процентиль: 67%

0.0053

Низкий

6.1 Medium

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-79

CWE-94