First published: Wed Oct 12 2022(Updated: )
In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zimbra Collaboration | =8.8.15 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2022-41350 is medium (6.1).
CVE-2022-41350 affects Zimbra Collaboration Suite (ZCS) version 8.8.15.
The vulnerability in CVE-2022-41350 is a Reflected XSS vulnerability in /h/search?action=voicemail&action=listen.
An attacker can execute arbitrary JavaScript on the victim's machine using CVE-2022-41350.
To mitigate CVE-2022-41350, it is recommended to update Zimbra Collaboration Suite (ZCS) to a version that is not affected by the vulnerability.