CVE-2023-45206

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting (XSS). (Adding an adequate message to avoid malicious code will mitigate this issue.)
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
zimbracollaboration
10.0.0 ≤
𝑥
< 10.0.5
zimbracollaboration
8.8.15
zimbracollaboration
8.8.15:p1
zimbracollaboration
8.8.15:p10
zimbracollaboration
8.8.15:p11
zimbracollaboration
8.8.15:p12
zimbracollaboration
8.8.15:p13
zimbracollaboration
8.8.15:p14
zimbracollaboration
8.8.15:p15
zimbracollaboration
8.8.15:p16
zimbracollaboration
8.8.15:p17
zimbracollaboration
8.8.15:p18
zimbracollaboration
8.8.15:p19
zimbracollaboration
8.8.15:p2
zimbracollaboration
8.8.15:p20
zimbracollaboration
8.8.15:p21
zimbracollaboration
8.8.15:p22
zimbracollaboration
8.8.15:p23
zimbracollaboration
8.8.15:p24
zimbracollaboration
8.8.15:p25
zimbracollaboration
8.8.15:p26
zimbracollaboration
8.8.15:p27
zimbracollaboration
8.8.15:p28
zimbracollaboration
8.8.15:p29
zimbracollaboration
8.8.15:p3
zimbracollaboration
8.8.15:p30
zimbracollaboration
8.8.15:p31
zimbracollaboration
8.8.15:p32
zimbracollaboration
8.8.15:p33
zimbracollaboration
8.8.15:p34
zimbracollaboration
8.8.15:p35
zimbracollaboration
8.8.15:p37
zimbracollaboration
8.8.15:p38
zimbracollaboration
8.8.15:p39
zimbracollaboration
8.8.15:p4
zimbracollaboration
8.8.15:p40
zimbracollaboration
8.8.15:p41
zimbracollaboration
8.8.15:p42
zimbracollaboration
8.8.15:p43
zimbracollaboration
8.8.15:p5
zimbracollaboration
8.8.15:p6
zimbracollaboration
8.8.15:p7
zimbracollaboration
8.8.15:p8
zimbracollaboration
8.8.15:p9
zimbracollaboration
9.0.0
zimbracollaboration
9.0.0:p0
zimbracollaboration
9.0.0:p1
zimbracollaboration
9.0.0:p10
zimbracollaboration
9.0.0:p11
zimbracollaboration
9.0.0:p12
zimbracollaboration
9.0.0:p13
zimbracollaboration
9.0.0:p14
zimbracollaboration
9.0.0:p15
zimbracollaboration
9.0.0:p16
zimbracollaboration
9.0.0:p19
zimbracollaboration
9.0.0:p2
zimbracollaboration
9.0.0:p20
zimbracollaboration
9.0.0:p21
zimbracollaboration
9.0.0:p23
zimbracollaboration
9.0.0:p24
zimbracollaboration
9.0.0:p24.1
zimbracollaboration
9.0.0:p25
zimbracollaboration
9.0.0:p26
zimbracollaboration
9.0.0:p27
zimbracollaboration
9.0.0:p3
zimbracollaboration
9.0.0:p30
zimbracollaboration
9.0.0:p31
zimbracollaboration
9.0.0:p32
zimbracollaboration
9.0.0:p33
zimbracollaboration
9.0.0:p34
zimbracollaboration
9.0.0:p35
zimbracollaboration
9.0.0:p36
zimbracollaboration
9.0.0:p4
zimbracollaboration
9.0.0:p5
zimbracollaboration
9.0.0:p6
zimbracollaboration
9.0.0:p7
zimbracollaboration
9.0.0:p7.1
zimbracollaboration
9.0.0:p8
zimbracollaboration
9.0.0:p9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories