First published: Fri Jul 02 2021
An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zimbra Collaboration | >=8.8, <8.8.15 | |
Zimbra Collaboration | =8.8.15 | |
Zimbra Collaboration | =8.8.15-p1 | |
Zimbra Collaboration | =8.8.15-p10 | |
Zimbra Collaboration | =8.8.15-p11 | |
Zimbra Collaboration | =8.8.15-p12 | |
Zimbra Collaboration | =8.8.15-p13 | |
Zimbra Collaboration | =8.8.15-p14 | |
Zimbra Collaboration | =8.8.15-p15 | |
Zimbra Collaboration | =8.8.15-p16 | |
Zimbra Collaboration | =8.8.15-p17 | |
Zimbra Collaboration | =8.8.15-p18 | |
Zimbra Collaboration | =8.8.15-p19 | |
Zimbra Collaboration | =8.8.15-p2 | |
Zimbra Collaboration | =8.8.15-p20 | |
Zimbra Collaboration | =8.8.15-p21 | |
Zimbra Collaboration | =8.8.15-p22 | |
Zimbra Collaboration | =8.8.15-p3 | |
Zimbra Collaboration | =8.8.15-p4 | |
Zimbra Collaboration | =8.8.15-p5 | |
Zimbra Collaboration | =8.8.15-p6 | |
Zimbra Collaboration | =8.8.15-p7 | |
Zimbra Collaboration | =8.8.15-p8 | |
Zimbra Collaboration | =8.8.15-p9 | |
CVE-2021-35208 is a vulnerability discovered in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23, which allows an attacker to inject arbitrary markup into emails.
CVE-2021-35208 affects Zimbra Collaboration Suite versions 8.8.x before 8.8.15 Patch 23.
The severity of CVE-2021-35208 is medium, with a CVSS score of 5.4.
To fix CVE-2021-35208, update Zimbra Collaboration Suite to version 8.8.15 Patch 23 or later.