First published: Thu Jul 02 2020
An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user's profile. The injected code can be reflected and executed when changing an e-mail signature.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Synacor Zimbra Collaboration Suite | <8.8.15 | |
Synacor Zimbra Collaboration Suite | =8.8.15 | |
Synacor Zimbra Collaboration Suite | =8.8.15-p1 | |
Synacor Zimbra Collaboration Suite | =8.8.15-p10 | |
Synacor Zimbra Collaboration Suite | =8.8.15-p2 | |
Synacor Zimbra Collaboration Suite | =8.8.15-p3 | |
Synacor Zimbra Collaboration Suite | =8.8.15-p4 | |
Synacor Zimbra Collaboration Suite | =8.8.15-p5 | |
Synacor Zimbra Collaboration Suite | =8.8.15-p6 | |
Synacor Zimbra Collaboration Suite | =8.8.15-p7 | |
Synacor Zimbra Collaboration Suite | =8.8.15-p8 | |
Synacor Zimbra Collaboration Suite | =8.8.15-p9 | |
CVE-2020-13653 is an XSS vulnerability that exists in the Webmail component of Zimbra Collaboration Suite before version 8.8.15 Patch 11.
The vulnerability allows an attacker to inject executable JavaScript into the account name of a user's profile, which can be reflected and executed when changing an email signature.
The severity of CVE-2020-13653 is medium, with a CVSS score of 6.1.
Zimbra Collaboration Suite versions before 8.8.15 Patch 11 are affected by CVE-2020-13653.
To fix CVE-2020-13653, update Zimbra Collaboration Suite to version 8.8.15 Patch 11 or later.