First published: Wed May 30 2018
Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Synacor Zimbra Collaboration Suite | >=8.7.0 <=8.7.11 | |
Synacor Zimbra Collaboration Suite | >=8.8.0 <=8.8.8 | |
Synacor Zimbra Collaboration Suite | =8.7.11-p1 | |
Synacor Zimbra Collaboration Suite | =8.7.11-p2 | |
Synacor Zimbra Collaboration Suite | =8.7.11-p3 | |
Synacor Zimbra Collaboration Suite | =8.8.8-p1 | |
Synacor Zimbra Collaboration Suite | =8.8.8-p3 | |
Zimbra Zimbra Collaboration Suite | =8.8.8-p2 | |
CVE-2018-10939 is a vulnerability in Zimbra Web Client (ZWC) in Zimbra Collaboration Suite that allows for persistent cross-site scripting (XSS) attacks via a contact group.
CVE-2018-10939 affects Zimbra Collaboration Suite versions 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4.
CVE-2018-10939 has a severity rating of medium with a CVSS score of 6.1.
To fix CVE-2018-10939, you need to update Zimbra Collaboration Suite to version 8.8.8.Patch4 or 8.7.11.Patch4.
You can find more information about CVE-2018-10939 on the Zimbra blog and the Zimbra Security Center.