CVE-2016-3410: XSS
First published: Wed Jan 18 2017(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103956, 103995, 104475, 104838, and 104839.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zimbra Collaboration Suite | <=8.6.0 | |
| <=8.6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-3410?
CVE-2016-3410 is classified as a medium severity vulnerability due to the potential for remote attackers to exploit cross-site scripting (XSS) vulnerabilities.
How do I fix CVE-2016-3410?
To fix CVE-2016-3410, upgrade Zimbra Collaboration to version 8.7.0 or later, which addresses these vulnerabilities.
What are the consequences of exploiting CVE-2016-3410?
Exploiting CVE-2016-3410 can allow remote attackers to inject arbitrary web scripts or HTML, leading to potential data theft or session hijacking.
Which versions of Zimbra Collaboration are affected by CVE-2016-3410?
CVE-2016-3410 affects all versions of Zimbra Collaboration before 8.7.0, specifically those up to 8.6.0.
Is there a way to mitigate risks associated with CVE-2016-3410 without upgrading?
Mitigation for CVE-2016-3410 can include implementing web application firewalls or content security policies, but upgrading is the recommended solution.
- agent/type
- agent/first-publish-date
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/source
- agent/event
- agent/tags
- vendor/synacor
- canonical/zimbra collaboration suite
- version/zimbra collaboration suite/8.6.0