CVE-2017-20188

Name of the Vulnerable Software and Affected Versions Zimbra zm-ajax versions up to 8.8.1

Description A vulnerability has been found in the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.

Recommendations For Zimbra zm-ajax versions up to 8.8.1, upgrade to version 8.8.2 to address this issue. As a temporary workaround, consider restricting access to the vulnerable function XFormItem.prototype.setError until a patch is available.