CVE-2022-37044

In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine.

Configurations

Configuration 1

cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*

Information

Published : 2022-08-12 08:15

Updated : 2022-08-16 08:18


NVD link : CVE-2022-37044

Mitre link : CVE-2022-37044


CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Products Affected

zimbra

  • collaboration