CVE-2022-37044 Information

Aug 13, 2022 cve

Description

In Zimbra Collaboration Suite (ZCS) 8.8.15 the URL at /h/search?action accepts parameters called extra title and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim’s machine.

Reference

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://wiki.zimbra.com/wiki/Security_Center

Share on: