A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.
References
| Link | Resource |
|---|---|
| https://wiki.zimbra.com/wiki/Security_Center | Vendor Advisory |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24 | Release Notes Vendor Advisory |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
Configurations
History
08 Aug 2023, 14:21
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | NVD-CWE-Other |
29 Apr 2022, 01:23
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-79 | |
| CPE | cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
| References | (MISC) https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories - Vendor Advisory | |
| References | (MISC) https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24 - Release Notes, Vendor Advisory | |
| References | (MISC) https://wiki.zimbra.com/wiki/Security_Center - Vendor Advisory |
21 Apr 2022, 00:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-04-21 00:15
Updated : 2024-02-04 22:29
NVD link : CVE-2022-27926
Mitre link : CVE-2022-27926
CVE.ORG link : CVE-2022-27926
JSON object : View
Products Affected
zimbra
- collaboration
CWE