PT-2022-25823 · Zimbra · Zimbra Collaboration Suite

Tf1T

Published

2022-10-12

Updated

2022-10-14

CVE-2022-41351

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Zimbra Collaboration Suite version 8.8.15

Description The issue allows an attacker to trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string at the URL "/h/calendar".

Recommendations For Zimbra Collaboration Suite version 8.8.15, as a temporary workaround, consider restricting access to the "/h/calendar" URL until a patch is available. Avoid using the view and uncheck parameters in this endpoint until the issue is resolved.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2022-41351

Affected Products

Zimbra Collaboration Suite

PT-2022-25823 · Zimbra · Zimbra Collaboration Suite

CVE-2022-41351

Weakness Enumeration

Related Identifiers

Affected Products

References · 4