CVE-2023-37580

CVSS 6.1 MEDIUM · EPSS 59.0% · KEV · CWE-79
In short

A security flaw in Zimbra Collaboration Server version 8 allows attackers to inject malicious scripts into the Classic Web Client, potentially stealing user credentials or session information when users view affected pages.

Technical detail

A cross-site scripting (XSS) vulnerability in Zimbra Collaboration Server 8.x before 8.8.15 Patch 41 enables attackers to inject malicious JavaScript code that executes in users' browsers within the Zimbra Classic Web Client context. Exploitation requires user interaction (visiting a malicious link or viewing crafted content), and successful exploitation can lead to session hijacking, credential theft, or unauthorized actions on behalf of the user.

Summary generated and translated by AI from the official description.
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected products
n/a · n/a
