First published: Wed Feb 12 2020(Updated: )
Zimbra 2013 has XSS in aspell.php
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Zimbra Zimbra | =2013 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2013-1938 is medium with a CVSS score of 6.1.
CVE-2013-1938 affects Zimbra 2013 by introducing a cross-site scripting vulnerability in aspell.php.
To fix CVE-2013-1938 in Zimbra 2013, you should patch or upgrade Zimbra Collaboration (ZCS) to a version that addresses the vulnerability.
The Common Weakness Enumeration (CWE) ID for CVE-2013-1938 is CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')).
You can find more information about CVE-2013-1938 on the following websites: [1] http://www.openwall.com/lists/oss-security/2013/04/09/14 [2] http://www.openwall.com/lists/oss-security/2013/04/09/15 [3] http://www.securityfocus.com/bid/58913