PT-2012-3136 · Zimbra · Zimbra Collaboration Suite

Sony

Publicado

2012-02-20

Atualizado

2017-11-18

CVE-2012-1213

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Zimbra Collaboration Suite (ZCS) versions 6.x through 6.0.14 Zimbra Collaboration Suite (ZCS) versions 7.x through 7.1.2

Description A cross-site scripting (XSS) issue exists in the Zimbra Web Client, specifically in the zimbra/h/calendar component. This allows remote attackers to inject arbitrary web script or HTML via the view parameter.

Recommendations For Zimbra Collaboration Suite (ZCS) versions 6.x through 6.0.14, update to version 6.0.15 or later. For Zimbra Collaboration Suite (ZCS) versions 7.x through 7.1.2, update to version 7.1.3 or later.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2012-1213

Produtos afetados

Zimbra Collaboration Suite

PT-2012-3136 · Zimbra · Zimbra Collaboration Suite

CVE-2012-1213

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7