Zimbra.Collaboration.Calendar.Reflected.XSS
Description
This indicates an attack attempt to exploit a Cross-Site Scripting Vulnerability in Zimbra Collaboration Server.
This vulnerability is due to insufficient input validation in the Calendar feature. A remote attacker could exploit this vulnerability by enticing the target user to click on a crafted link. Successful exploitation could result in execution of script code in the security context of the target user's browser.
Affected Products
Zimbra Collaboration Server 8.8.x prior to 8.8.15 p30
Impact
System Compromise: Remote attackers can execute arbitrary script code within the context of the target user's browser.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15/
Version Updates
Date | Version | Detail |
---|---|---|
2022-07-29 | 0.00325 |