First published: Wed Oct 12 2022
In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string (instead of the default value of 10).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zimbra Collaboration | =8.8.15 | |
The vulnerability ID for this vulnerability is CVE-2022-41351.
The severity of CVE-2022-41351 is medium with a CVSS score of 6.1.
CVE-2022-41351 affects Zimbra Collaboration Suite version 8.8.15.
CVE-2022-41351 can be exploited by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string.
To fix CVE-2022-41351, update Zimbra Collaboration Suite to a version that is not affected.
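For defenders reviewing web access logs, the request shape described above (a request to /h/calendar with a non-numeric uncheck value or script-like content in view) can be flagged as follows. This is an added example, not code from Zimbra or from this advisory; the combined log format, the allowlist for view values, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: combined-log-format lines, request line inside double quotes.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: legitimate view names are short alphanumeric tokens.
SAFE_VIEW_RE = re.compile(r'[A-Za-z0-9_]{1,32}')
NUMERIC_RE = re.compile(r'[0-9]+')

def suspicious_reasons(log_line):
    """Return the reasons a log line matches the CVE-2022-41351 request shape."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    # Drop any ";param" path suffix and trailing slash before comparing.
    path = url.path.split(';')[0].rstrip('/')
    if path != '/h/calendar':
        return []
    # parse_qs percent-decodes values, so encoded markup is seen decoded.
    params = parse_qs(url.query, keep_blank_values=True)
    reasons = []
    if any(not NUMERIC_RE.fullmatch(v) for v in params.get('uncheck', [])):
        reasons.append('uncheck is not numeric')
    if any(not SAFE_VIEW_RE.fullmatch(v) for v in params.get('view', [])):
        reasons.append('view contains unexpected characters')
    return reasons

def scan(lines):
    """Return (line_index, reasons) for every line that looks suspicious."""
    hits = []
    for index, line in enumerate(lines):
        reasons = suspicious_reasons(line)
        if reasons:
            hits.append((index, reasons))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Oct/2022:10:00:01 +0000] '
    '"GET /h/calendar?view=day&uncheck=10 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [12/Oct/2022:10:00:05 +0000] '
    '"GET /h/calendar?view=%3Cscript%3EPLACEHOLDER%3C%2Fscript%3E&uncheck=abc HTTP/1.1" 200 5301',
    '198.51.100.7 - - [12/Oct/2022:10:00:09 +0000] '
    '"GET /h/search?uncheck=abc HTTP/1.1" 200 812',
]

if __name__ == '__main__':
    for index, reasons in scan(SAMPLE_LOG):
        print(index, reasons)
```

Hits from this check are leads for review rather than proof of exploitation, and POST bodies are not visible in access logs.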