An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginErrorCode parameter of the login url.
References
Link | Resource |
---|---|
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23 | Vendor Advisory |
https://wiki.zimbra.com/wiki/Security_Center | Release Notes Vendor Advisory |
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2021-07-02 12:15
Updated : 2021-07-09 08:36
NVD link : CVE-2021-35207
Mitre link : CVE-2021-35207
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
zimbra
- collaboration