An issue exists in Zimbra Collaboration Suite 8.8 prior to 8.8.15 Patch 23 and 9.0 prior to 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginErrorCode parameter of the login url.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zimbra collaboration |
||
zimbra collaboration 8.8.15 |
||
zimbra collaboration 9.0.0 |