CVE-2023-45206

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-45206

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-45206.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-45206

Published

2024-02-13T16:15:08Z

Modified

2025-01-14T12:01:10.450886Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting (XSS). (Adding an adequate message to avoid malicious code will mitigate this issue.)

References

Affected packages

Git / github.com/zimbra/zm-build

Affected ranges

Type: GIT
Repo: https://github.com/zimbra/zm-build
Events: Introduced

b68c7b31a1d94f94903a79c53f1bd316b792de1d

Fixed

dc4243167ae849bfecfac625c62de19ae367eeaf

Affected versions

10.*

10.0.0-GA

10.0.1

10.0.4