An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite prior to 8.8.15 Patch 11. It allows an malicious user to inject executable JavaScript into the account name of a user's profile. The injected code can be reflected and executed when changing an e-mail signature.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
synacor zimbra collaboration suite |
||
synacor zimbra collaboration suite 8.8.15 |