First published: Tue Mar 27 2018
Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Synacor Zimbra Collaboration Suite | <8.7 | |
Synacor Zimbra Collaboration Suite | =8.7 | |
Synacor Zimbra Collaboration Suite | =8.8.0 | |
Synacor Zimbra Collaboration Suite | =8.8.1 | |
Synacor Zimbra Collaboration Suite | =8.8.2 | |
Synacor Zimbra Collaboration Suite | =8.8.3 | |
Synacor Zimbra Collaboration Suite | =8.8.4 | |
Synacor Zimbra Collaboration Suite | =8.8.5 | |
Synacor Zimbra Collaboration Suite | =8.8.6 | |
CVE-2018-6882 is a cross-site scripting (XSS) vulnerability in the Zimbra Collaboration Suite (ZCS).
The CVE-2018-6882 vulnerability allows remote attackers to inject arbitrary web script or HTML through a Content-Location header in an email attachment in Zimbra Collaboration Suite (ZCS) versions before 8.7 Patch 1 and 8.8.x before 8.8.7.
The severity of CVE-2018-6882 is medium with a CVSS score of 6.1.
To fix the CVE-2018-6882 vulnerability, update Zimbra Collaboration Suite (ZCS) to version 8.7 Patch 1 or 8.8.7 or later.
You can find more information about the CVE-2018-6882 vulnerability at the following references: http://seclists.org/fulldisclosure/2018/Mar/52, http://www.securityfocus.com/archive/1/541891/100/0/threaded, https://bugzilla.zimbra.com/show_bug.cgi?id=108786.
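The description above names the Content-Location header of an email attachment as the injection point. As an added example (not code from Zimbra or from this advisory), the following Python check flags MIME parts whose Content-Location value contains characters that can break out of HTML text or attributes; the character set, the function name and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes
from email.policy import default

# Assumption: these characters have no place unencoded in a benign
# Content-Location URI but matter when the value is placed into HTML.
SUSPECT = set('<>"\'')

def suspicious_content_locations(raw: bytes):
    """Return (filename, header value) for each MIME part whose Content-Location contains a suspect character."""
    msg = message_from_bytes(raw, policy=default)  # default policy unfolds and decodes headers
    hits = []
    for part in msg.walk():
        value = part.get("Content-Location")
        if value is not None and any(c in SUSPECT for c in str(value)):
            hits.append((part.get_filename() or "(no filename)", str(value)))
    return hits

# Constructed sample message: one ordinary attachment, one with markup in the header.
SAMPLE = (
    b"From: a@example.test\r\n"
    b"To: b@example.test\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="BOUND"\r\n'
    b"\r\n"
    b"--BOUND\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"hello\r\n"
    b"--BOUND\r\n"
    b"Content-Type: image/png\r\n"
    b'Content-Disposition: attachment; filename="ok.png"\r\n'
    b"Content-Location: http://example.test/ok.png?a=1&b=2\r\n"
    b"\r\n"
    b"x\r\n"
    b"--BOUND\r\n"
    b"Content-Type: image/png\r\n"
    b'Content-Disposition: attachment; filename="odd.png"\r\n'
    b'Content-Location: odd.png"><b>marker</b>\r\n'
    b"\r\n"
    b"x\r\n"
    b"--BOUND--\r\n"
)

if __name__ == "__main__":
    for name, value in suspicious_content_locations(SAMPLE):
        print(f"flagged attachment {name}: Content-Location={value!r}")
```

A check like this can run at a mail gateway or over stored messages while servers are being updated; it complements the update and does not replace it.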