Lucene search
China National Vulnerability DatabaseCNVD-2022-87925HistoryOct 14, 2022 - 12:00 a.m.
Zimbra Collaboration Suite Cross-Site Scripting Vulnerability
2022-10-1400:00:00
China National Vulnerability Database
www.cnvd.org.cn
12
zimbra collaboration suite
synacor inc
cross-site scripting
vulnerability
user-supplied data
img element
0.001 Low
EPSS
Percentile
33.7%
Synacor Zimbra Collaboration Suite (ZCS) is an open source collaboration suite from Synacor, Inc. Zimbra Collaboration Suite version 9.0.0 contains a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the onerror attribute of the IMG element, which could be exploited by attackers to obtain sensitive information such as user cookies.
| CPE | Name | Operator | Version |
|---|---|---|---|
| zimbra zimbra collaboration suite๏ผzcs๏ผ | eq | 9.0.0 |
Related
cve
cve
CVE-2022-41348
2022-10-12 20:15:11
prion
prion
Information disclosure
2022-10-12 20:15:00
nvd
nvd
CVE-2022-41348
2022-10-12 20:15:11
cvelist
cvelist
CVE-2022-41348
2022-10-12 00:00:00
osv
osv
CVE-2022-41348
2022-10-12 20:15:11
nessus
nessus
Zimbra Collaboration Server 9.0.0 < 9.0.0 Patch 27 Multiple Vulnerabilities
2022-10-13 00:00:00