PT-2019-18471 · Zarafa+1 · Zarafa Webapp+1
Publicado
2019-04-11
·
Atualizado
2019-04-26
·
CVE-2019-7219
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Zarafa Webapp versions 2.0.1.47791 and earlier
Description
The issue is related to unauthenticated reflected cross-site scripting (XSS). This means that an attacker can inject malicious code into a website, which will then be executed by the user's browser. The problem was fixed in later versions of Zarafa Webapp, but some users have migrated to the related Kopano product.
Recommendations
For Zarafa Webapp versions 2.0.1.47791 and earlier, consider upgrading to a later version of Zarafa Webapp or migrating to the Kopano product to resolve the issue. As a temporary workaround, consider restricting access to the Zarafa Webapp to minimize the risk of exploitation.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Kopano
Zarafa Webapp