PT-2020-7375 · Zimbra · Zimbra

Michael Scherer

·

Published

2020-02-12

·

Updated

2020-02-25

·

CVE-2013-1938

CVSS v2.0

4.3

Medium

VectorAV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Zimbra 2013
Description: The issue is related to a Cross-Site Scripting (XSS) problem. It affects the aspell.php file.
Recommendations: For Zimbra 2013, consider disabling access to the aspell.php file as a temporary workaround until a patch is available.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2013-1938

Affected Products

Zimbra