First published: Wed Apr 20 2022
A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zimbra Collaboration | =9.0.0 | |
Zimbra Collaboration (ZCS) | | |
Roundcube email server | =1.4.14 | |
Roundcube email server | =1.5.x before 1.5.4 | |
Roundcube email server | =1.6.x before 1.6.3 | |
CVE-2022-27926 is a reflected cross-site scripting (XSS) vulnerability in Zimbra Collaboration (ZCS) 9.0 that allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.
This vulnerability can be exploited by sending specially crafted request parameters to the /public/launchNewWindow.jsp component of Zimbra Collaboration (ZCS) 9.0.
Users of Zimbra Collaboration (ZCS) 9.0 are affected by this vulnerability.
CVE-2022-27926 has a severity rating of medium.
To mitigate this vulnerability, it is recommended to update Zimbra Collaboration to a patched version.