← volver
CVE-2022-37044

CVE-2022-37044

EPSS 0.4%
In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine.
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://wiki.zimbra.com/wiki/Security_Centerhttps://wiki.zimbra.com/wiki/Zimbra_Security_Advisories