Persistent XSS Vulnerability in Zimbra Collaboration Suite by Zimbra
CVE-2018-10939

6.1MEDIUM

Key Information:

Vendor

Zimbra

Status
Zimbra Collaboration Suite
Vendor
CVE Published:
30 May 2018

What is CVE-2018-10939?

The Zimbra Web Client (ZWC) in the Zimbra Collaboration Suite prior to version 8.8.8.Patch4 for 8.8 and prior to 8.7.11.Patch4 for 8.7 is susceptible to a persistent XSS vulnerability. This security flaw allows attackers to inject malicious scripts via a contact group, potentially compromising user accounts and data integrity. Users are encouraged to apply the latest patches to mitigate this risk and safeguard their systems against potential exploitation.

References

https://wiki.zimbra.com/wiki/Security_Center
x_refsource_CONFIRM
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P4
x_refsource_CONFIRM
https://blog.zimbra.com/2018/05/new-zimbra-patches-8-8-8-...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.