Cross-Site Scripting Vulnerability in Zimbra Collaboration from Zimbra
CVE-2022-45911

6.1MEDIUM

Key Information:

Vendor

Zimbra

Status
Collaboration
Vendor
CVE Published:
6 January 2023

What is CVE-2022-45911?

A vulnerability in Zimbra Collaboration (ZCS) 9.0 allows for Cross-Site Scripting (XSS) exploitation on the Classic UI login page. Malicious actors can inject arbitrary JavaScript code into the username field, creating potential for harmful interactions before user authentication occurs. Although this vulnerability does not expose sensitive information directly, it poses risks by enabling attackers to execute unwanted scripts within the user interface.

References

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
https://wiki.zimbra.com/wiki/Security_Center

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.