CVE-2020-13653

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-13653

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13653.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-13653

Published

2020-07-02T16:15:11.577Z

Modified

2026-04-10T04:22:22.728994Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user's profile. The injected code can be reflected and executed when changing an e-mail signature.

References

Affected packages

Git / github.com/zimbra/zm-build

Affected ranges

Type

GIT

Repo

https://github.com/zimbra/zm-build

Events

Introduced

Fixed

ac6081fa002b1511e926aba37740d2b6c20f3f43

Introduced

Last affected

ac6081fa002b1511e926aba37740d2b6c20f3f43

Introduced

Last affected

29eea219faf34718f0ef1cda7c3f02c89910c96c

Introduced

Last affected

905970576d6fe337150f09c0ad7a0f53aa1a8f42

Introduced

Last affected

0e40da921adb967639011de45841cef4c4601413

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "8.8.15"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.8.15-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.8.15-p1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.8.15-p3"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.8.15-p5"
        }
    ]
}

Type

GIT

Repo

https://github.com/zimbra/zm-mailbox

Events

Introduced

Last affected

e9ebb1ed89f27827ea1963d1329b1f8335aba9ac

Introduced

Last affected

8dd758add476db0ee9a7c1abab136e30ebde01b2

Introduced

Last affected

efd11afe1b526bb03f59b699aaadf6a1449e0244

Introduced

Last affected

d093cdf68ec6716be445c653277f602739a5086b

Introduced

Last affected

a12b964a206748de6db6dc1da2ee16249aabafce

Introduced

Last affected

58996926d8f031827e03ec788d69fd2d16739b1a

Introduced

Last affected

d31ba9d45eb31100ea30461dd859a5a9663b1e4a

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.8.15-p10"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.8.15-p2"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.8.15-p4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.8.15-p6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.8.15-p7"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.8.15-p8"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.8.15-p9"
        }
    ]
}

Affected versions

8.*

8.8.10

8.8.12

8.8.15

8.8.15.p1

8.8.15.p10

8.8.15.p11

8.8.15.p2

8.8.15.p3

8.8.15.p4

8.8.15.p5

8.8.15.p6

8.8.15.p7

8.8.15.p8

8.8.15.p9

8.8.2

8.8.3

8.8.4

8.8.5

8.8.6

8.8.7

8.8.8

8.8.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13653.json"