Silentsakky

**Name of the Vulnerable Software and Affected Versions** Zimbra zm-ajax versions up to 8.8.1 **Description** A vulnerability has been found in the function `XFormItem.prototype.setError` of the file `WebRoot/js/ajax/dwt/xforms/XFormItem.js`. The manipulation of the argument `message` leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. **Recommendations** For Zimbra zm-ajax versions up to 8.8.1, upgrade to version 8.8.2 to address this issue. As a temporary workaround, consider restricting access to the vulnerable function `XFormItem.prototype.setError` until a patch is available.