CVE-2008-1226 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration Suite (ZCS) 4.0.3 4.5.6 and possibly other versions before 4.5.10 allow remote attackers to inject arbitrary web script or HTML via an e-mail attachment possibly involving a (1) .jpg or (2) .gif image attachment.

Reference

http://jvn.jp/jp/JVN2395014590/index.html http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000004.html http://secunia.com/advisories/29263 http://www.securityfocus.com/bid/28134 http://www.zimbra.com/jp/products/vulnerability.html https://exchange.xforce.ibmcloud.com/vulnerabilities/41044