CVE-2019-8946: XSS
First published: Mon Jan 27 2020(Updated: )
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zimbra Collaboration Server | >=8.7.0<=8.8.11 | |
| Zimbra Collaboration Server | =8.8.11-p1 | |
| Zimbra Collaboration Server | =8.8.11-p2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-8946?
CVE-2019-8946 is a vulnerability in Zimbra Collaboration 8.7.x - 8.8.11P2 that allows for persistent cross-site scripting (XSS) attacks.
How severe is CVE-2019-8946?
CVE-2019-8946 has a severity keyword of 'medium' with a severity value of 6.1 (out of 10).
How does CVE-2019-8946 affect Zimbra Collaboration Server?
CVE-2019-8946 affects Zimbra Collaboration Server versions 8.7.x to 8.8.11P2.
What is persistent XSS?
Persistent cross-site scripting (XSS) is a type of XSS attack where the injected code is permanently stored on the target server, allowing it to affect multiple users.
Is there a fix available for CVE-2019-8946?
Yes, Zimbra has released patches to fix the vulnerability. It is recommended to update to the latest version of Zimbra Collaboration Server.
- collector/nvd-index
- agent/references
- vendor/zimbra
- canonical/zimbra collaboration server
- version/zimbra collaboration server/8.7.0
- version/zimbra collaboration server/8.8.11
- version/zimbra collaboration server/8.8.11-p1
- version/zimbra collaboration server/8.8.11-p2