← voltar
CVE-2020-13653

CVE-2020-13653

EPSS 1.4%
An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user's profile. The injected code can be reflected and executed when changing an e-mail signature.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://wiki.zimbra.com/wiki/Security_Centerhttps://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P11https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P4https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories