What is the severity of CVE-2021-35207?

The severity of CVE-2021-35207 is medium.

What is the affected software for CVE-2021-35207?

The affected software for CVE-2021-35207 is Zimbra Collaboration Suite versions 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16.

How can CVE-2021-35207 be fixed?

CVE-2021-35207 can be fixed by upgrading to Zimbra Collaboration Suite versions 8.8.15 Patch 23 or later, and 9.0.0 Patch 16 or later.

Where can I find more information about CVE-2021-35207?

You can find more information about CVE-2021-35207 on the Zimbra Collaboration Suite Security Center wiki page and the Zimbra Releases wiki pages.

Vulnerability/
CVE-2021-35207

medium

6.1

CWE

2/7/2021

9/7/2021

CVE-2021-35207: XSS

Q: How can an attacker exploit CVE-2021-35207?

An attacker can exploit CVE-2021-35207 by adding executable JavaScript to the loginErrorCode parameter in the login component of Zimbra Web Client.

First published: Fri Jul 02 2021(Updated: )

An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginErrorCode parameter of the login url.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Zimbra Collaboration	>=8.8<8.8.15
Zimbra Collaboration	=8.8.15
Zimbra Collaboration	=8.8.15-p1
Zimbra Collaboration	=8.8.15-p10
Zimbra Collaboration	=8.8.15-p11
Zimbra Collaboration	=8.8.15-p12
Zimbra Collaboration	=8.8.15-p13
Zimbra Collaboration	=8.8.15-p14
Zimbra Collaboration	=8.8.15-p15
Zimbra Collaboration	=8.8.15-p16
Zimbra Collaboration	=8.8.15-p17
Zimbra Collaboration	=8.8.15-p18
Zimbra Collaboration	=8.8.15-p19
Zimbra Collaboration	=8.8.15-p2
Zimbra Collaboration	=8.8.15-p20
Zimbra Collaboration	=8.8.15-p21
Zimbra Collaboration	=8.8.15-p22
Zimbra Collaboration	=8.8.15-p3
Zimbra Collaboration	=8.8.15-p4
Zimbra Collaboration	=8.8.15-p5
Zimbra Collaboration	=8.8.15-p6
Zimbra Collaboration	=8.8.15-p7
Zimbra Collaboration	=8.8.15-p8
Zimbra Collaboration	=8.8.15-p9
Zimbra Collaboration	=9.0.0
Zimbra Collaboration	=9.0.0-p1
Zimbra Collaboration	=9.0.0-p10
Zimbra Collaboration	=9.0.0-p11
Zimbra Collaboration	=9.0.0-p12
Zimbra Collaboration	=9.0.0-p13
Zimbra Collaboration	=9.0.0-p14
Zimbra Collaboration	=9.0.0-p15
Zimbra Collaboration	=9.0.0-p2
Zimbra Collaboration	=9.0.0-p3
Zimbra Collaboration	=9.0.0-p4
Zimbra Collaboration	=9.0.0-p5
Zimbra Collaboration	=9.0.0-p6
Zimbra Collaboration	=9.0.0-p7
Zimbra Collaboration	=9.0.0-p8
Zimbra Collaboration	=9.0.0-p9

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-35207?
The severity of CVE-2021-35207 is medium.
What is the affected software for CVE-2021-35207?
The affected software for CVE-2021-35207 is Zimbra Collaboration Suite versions 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16.
How can an attacker exploit CVE-2021-35207?
An attacker can exploit CVE-2021-35207 by adding executable JavaScript to the loginErrorCode parameter in the login component of Zimbra Web Client.
How can CVE-2021-35207 be fixed?
CVE-2021-35207 can be fixed by upgrading to Zimbra Collaboration Suite versions 8.8.15 Patch 23 or later, and 9.0.0 Patch 16 or later.
Where can I find more information about CVE-2021-35207?
You can find more information about CVE-2021-35207 on the Zimbra Collaboration Suite Security Center wiki page and the Zimbra Releases wiki pages.

collector/nvd-index
vendor/zimbra
canonical/zimbra collaboration
version/zimbra collaboration/8.8
version/zimbra collaboration/8.8.15
version/zimbra collaboration/8.8.15-p1
version/zimbra collaboration/8.8.15-p10
version/zimbra collaboration/8.8.15-p11
version/zimbra collaboration/8.8.15-p12
version/zimbra collaboration/8.8.15-p13
version/zimbra collaboration/8.8.15-p14
version/zimbra collaboration/8.8.15-p15
version/zimbra collaboration/8.8.15-p16
version/zimbra collaboration/8.8.15-p17
version/zimbra collaboration/8.8.15-p18
version/zimbra collaboration/8.8.15-p19
version/zimbra collaboration/8.8.15-p2
version/zimbra collaboration/8.8.15-p20
version/zimbra collaboration/8.8.15-p21
version/zimbra collaboration/8.8.15-p22
version/zimbra collaboration/8.8.15-p3
version/zimbra collaboration/8.8.15-p4
version/zimbra collaboration/8.8.15-p5
version/zimbra collaboration/8.8.15-p6
version/zimbra collaboration/8.8.15-p7
version/zimbra collaboration/8.8.15-p8
version/zimbra collaboration/8.8.15-p9
version/zimbra collaboration/9.0.0
version/zimbra collaboration/9.0.0-p1
version/zimbra collaboration/9.0.0-p10
version/zimbra collaboration/9.0.0-p11
version/zimbra collaboration/9.0.0-p12
version/zimbra collaboration/9.0.0-p13
version/zimbra collaboration/9.0.0-p14
version/zimbra collaboration/9.0.0-p15
version/zimbra collaboration/9.0.0-p2
version/zimbra collaboration/9.0.0-p3
version/zimbra collaboration/9.0.0-p4
version/zimbra collaboration/9.0.0-p5
version/zimbra collaboration/9.0.0-p6
version/zimbra collaboration/9.0.0-p7
version/zimbra collaboration/9.0.0-p8
version/zimbra collaboration/9.0.0-p9

CVE-2021-35207: XSS

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-35207?

What is the affected software for CVE-2021-35207?

How can an attacker exploit CVE-2021-35207?

How can CVE-2021-35207 be fixed?

Where can I find more information about CVE-2021-35207?

Company

Resources

Contact