First published: Thu Aug 11 2022(Updated: )
In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zimbra Collaboration | =8.8.15 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-37044 is a vulnerability in Zimbra Collaboration Suite (ZCS) 8.8.15 that allows for reflected cross-site scripting (XSS) attacks.
CVE-2022-37044 affects Zimbra Collaboration Suite (ZCS) 8.8.15, specifically the URL at /h/search?action, which accepts parameters that can be exploited for reflected XSS attacks.
CVE-2022-37044 has a severity rating of 6.1 (Medium).
To fix CVE-2022-37044, it is recommended to upgrade to a version of Zimbra Collaboration Suite (ZCS) that includes a fix for the vulnerability.
More information about CVE-2022-37044 can be found on the Zimbra Security Center and Zimbra Security Advisories wiki pages.