PT-2019-18471 · Zarafa+1 · Zarafa Webapp+1

Published

2019-04-11

Updated

2019-04-26

CVE-2019-7219

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Zarafa Webapp versions 2.0.1.47791 and earlier

Description The issue is related to unauthenticated reflected cross-site scripting (XSS). This means that an attacker can inject malicious code into a website, which will then be executed by the user's browser. The problem was fixed in later versions of Zarafa Webapp, but some users have migrated to the related Kopano product.

Recommendations For Zarafa Webapp versions 2.0.1.47791 and earlier, consider upgrading to a later version of Zarafa Webapp or migrating to the Kopano product to resolve the issue. As a temporary workaround, consider restricting access to the Zarafa Webapp to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-7219

Affected Products

Kopano

Zarafa Webapp

PT-2019-18471 · Zarafa+1 · Zarafa Webapp+1

CVE-2019-7219

Weakness Enumeration

Related Identifiers

Affected Products

References · 4