First published: Wed Oct 12 2022
In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zimbra Collaboration | =8.8.15 | |
CVE-2022-41349 is a vulnerability found in Zimbra Collaboration Suite (ZCS) 8.8.15 that allows for Reflected XSS attacks.
The severity of CVE-2022-41349 is medium with a CVSS score of 6.1.
CVE-2022-41349 is exploited through the URL at /h/compose, which accepts an attachUrl parameter that is vulnerable to Reflected XSS, allowing for the execution of arbitrary JavaScript on the victim's machine.
Zimbra Collaboration Suite 8.8.15 is the affected version.
To fix CVE-2022-41349, users should update to a patched version of Zimbra Collaboration Suite, provided by Zimbra.
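A log check for requests that carry markup or script schemes in the attachUrl parameter of /h/compose, as an added example that is not part of the original advisory or of Zimbra's code. The combined access-log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines; combined log format is an assumption.
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Oct/2022:10:01:02 +0000] "GET /h/compose?attachUrl=https%3A%2F%2Fmail.example.com%2Ffile.pdf HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/Oct/2022:10:02:11 +0000] "GET /h/compose?attachUrl=%3Cscript%3E HTTP/1.1" 200 5188',
    '203.0.113.9 - - [12/Oct/2022:10:02:40 +0000] "GET /h/compose?attachUrl=%253Cscript%253E HTTP/1.1" 200 5190',
    '198.51.100.7 - - [12/Oct/2022:10:03:00 +0000] "GET /h/search?attachUrl=%3Cscript%3E HTTP/1.1" 404 312',
    '198.51.100.7 - - [12/Oct/2022:10:03:30 +0000] "GET /h/compose HTTP/1.1" 200 4980',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Characters and schemes that do not belong in a reference to an attachment.
SUSPICIOUS_RE = re.compile(r"""[<>"']|javascript:|data:""", re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (for example %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_attach_urls(lines):
    """Return (client_ip, decoded_value) for flagged /h/compose requests."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if url.path.rstrip("/") != "/h/compose":
            continue  # only the endpoint named in the advisory
        for raw in parse_qs(url.query).get("attachUrl", []):
            value = fully_decode(raw)  # parse_qs has already decoded once
            if SUSPICIOUS_RE.search(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_attach_urls(SAMPLE_LOG):
        print(f"{ip} sent attachUrl={value!r}")
```

A hit marks a request worth reviewing; it does not show whether the server reflected the value.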