CVE-2022-37044: XSS
First published: Fri Aug 12 2022(Updated: )
In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zimbra Collaboration | =8.8.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-37044?
CVE-2022-37044 is a vulnerability in Zimbra Collaboration Suite (ZCS) 8.8.15 that allows for reflected cross-site scripting (XSS) attacks.
How does CVE-2022-37044 affect Zimbra Collaboration Suite?
CVE-2022-37044 affects Zimbra Collaboration Suite (ZCS) 8.8.15, specifically the URL at /h/search?action, which accepts parameters that can be exploited for reflected XSS attacks.
What is the severity of CVE-2022-37044?
CVE-2022-37044 has a severity rating of 6.1 (Medium).
How can I fix CVE-2022-37044?
To fix CVE-2022-37044, it is recommended to upgrade to a version of Zimbra Collaboration Suite (ZCS) that includes a fix for the vulnerability.
Where can I find more information about CVE-2022-37044?
More information about CVE-2022-37044 can be found on the Zimbra Security Center and Zimbra Security Advisories wiki pages.
- collector/nvd-index
- vendor/zimbra
- canonical/zimbra collaboration
- version/zimbra collaboration/8.8.15