First published: Thu May 30 2019(Updated: )
Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Synacor Zimbra Collaboration Suite | =8.6.0 | |
Synacor Zimbra Collaboration Suite | =8.6.0-p1 | |
Synacor Zimbra Collaboration Suite | =8.6.0-p2 | |
Synacor Zimbra Collaboration Suite | =8.6.0-p3 | |
Synacor Zimbra Collaboration Suite | =8.6.0-p4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-7609 is a vulnerability in Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 that allows for cross-site scripting (XSS) attacks via the error/warning dialog and email body content.
CVE-2015-7609 affects Synacor Zimbra Collaboration Suite 8.6.0, 8.6.0-p1, 8.6.0-p2, 8.6.0-p3, and 8.6.0-p4.
CVE-2015-7609 has a severity level of medium with a CVSS score of 6.1.
To fix CVE-2015-7609, it is recommended to upgrade to Synacor Zimbra Collaboration Suite 8.6.0 Patch 5 or a later version.
More information about CVE-2015-7609 can be found in the following references: [1] [2] [3]