First published: Thu Jun 15 2023
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. XSS can occur via one of the attributes of the webmail /h/ endpoint, allowing execution of arbitrary JavaScript code and leading to information disclosure.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zimbra Collaboration | =9.0.0 | |
Zimbra Collaboration | =9.0.0-p0 | |
Zimbra Collaboration | =9.0.0-p1 | |
Zimbra Collaboration | =9.0.0-p10 | |
Zimbra Collaboration | =9.0.0-p11 | |
Zimbra Collaboration | =9.0.0-p12 | |
Zimbra Collaboration | =9.0.0-p13 | |
Zimbra Collaboration | =9.0.0-p14 | |
Zimbra Collaboration | =9.0.0-p15 | |
Zimbra Collaboration | =9.0.0-p19 | |
Zimbra Collaboration | =9.0.0-p2 | |
Zimbra Collaboration | =9.0.0-p23 | |
Zimbra Collaboration | =9.0.0-p25 | |
Zimbra Collaboration | =9.0.0-p26 | |
Zimbra Collaboration | =9.0.0-p27 | |
Zimbra Collaboration | =9.0.0-p3 | |
Zimbra Collaboration | =9.0.0-p4 | |
Zimbra Collaboration | =9.0.0-p5 | |
Zimbra Collaboration | =9.0.0-p6 | |
Zimbra Collaboration | =9.0.0-p7 | |
Zimbra Collaboration | =9.0.0-p7.1 | |
Zimbra Collaboration | =9.0.0-p8 | |
Zimbra Collaboration | =9.0.0-p9 | |
The severity of CVE-2023-24031 is medium, with a severity value of 6.1.
CVE-2023-24031 affects Zimbra Collaboration versions 9.0 and 8.8.15.
CVE-2023-24031 is an XSS vulnerability that allows the execution of arbitrary JavaScript code via the webmail /h/ endpoint in Zimbra Collaboration.
To fix CVE-2023-24031, update to a patched version of Zimbra Collaboration 9.0 or 8.8.15.
More information about CVE-2023-24031 can be found in the Zimbra Security Center and Zimbra Security Advisories.