CVE-2018-10939

Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p2:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.7.11:p3:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p1:*:*:*:*:*:*
cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.8:p3:*:*:*:*:*:*
cpe:2.3:a:zimbra:zimbra_collaboration_suite:8.8.8:p2:*:*:*:*:*:*

History

No history.

Information

Published : 2018-05-30 21:29

Updated : 2024-02-04 19:46


NVD link : CVE-2018-10939

Mitre link : CVE-2018-10939

CVE.ORG link : CVE-2018-10939


JSON object : View

Products Affected

zimbra

  • zimbra_collaboration_suite

synacor

  • zimbra_collaboration_suite
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')