An issue exists in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x prior to 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zimbra collaboration |
||
zimbra collaboration 8.8.15 |