CVE-2022-41350: XSS
First published: Wed Oct 12 2022(Updated: )
In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zimbra Collaboration | =8.8.15 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-41350?
The severity of CVE-2022-41350 is medium (6.1).
How does CVE-2022-41350 affect Zimbra Collaboration Suite (ZCS)?
CVE-2022-41350 affects Zimbra Collaboration Suite (ZCS) version 8.8.15.
What is the vulnerability in CVE-2022-41350?
The vulnerability in CVE-2022-41350 is a Reflected XSS vulnerability in /h/search?action=voicemail&action=listen.
What can an attacker do with CVE-2022-41350?
An attacker can execute arbitrary JavaScript on the victim's machine using CVE-2022-41350.
How can I mitigate CVE-2022-41350?
To mitigate CVE-2022-41350, it is recommended to update Zimbra Collaboration Suite (ZCS) to a version that is not affected by the vulnerability.
- collector/nvd-index
- vendor/zimbra
- canonical/zimbra collaboration
- version/zimbra collaboration/8.8.15