First published: Mon Jan 27 2020(Updated: )
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zimbra Collaboration Server | >=8.7.0<=8.8.11 | |
Zimbra Collaboration Server | =8.8.11-p1 | |
Zimbra Collaboration Server | =8.8.11-p2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-8946 is a vulnerability in Zimbra Collaboration 8.7.x - 8.8.11P2 that allows for persistent cross-site scripting (XSS) attacks.
CVE-2019-8946 has a severity keyword of 'medium' with a severity value of 6.1 (out of 10).
CVE-2019-8946 affects Zimbra Collaboration Server versions 8.7.x to 8.8.11P2.
Persistent cross-site scripting (XSS) is a type of XSS attack where the injected code is permanently stored on the target server, allowing it to affect multiple users.
Yes, Zimbra has released patches to fix the vulnerability. It is recommended to update to the latest version of Zimbra Collaboration Server.