CVE-2023-45207

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. (This has been mitigated by sanitising the JavaScript code present in a PDF document.)
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
mitreCNA
---
---
CISA-ADPADP
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
zimbracollaboration
10.0.0 ≤
𝑥
< 10.0.5
zimbracollaboration
8.8.15
zimbracollaboration
8.8.15:p1
zimbracollaboration
8.8.15:p10
zimbracollaboration
8.8.15:p11
zimbracollaboration
8.8.15:p12
zimbracollaboration
8.8.15:p13
zimbracollaboration
8.8.15:p14
zimbracollaboration
8.8.15:p15
zimbracollaboration
8.8.15:p16
zimbracollaboration
8.8.15:p17
zimbracollaboration
8.8.15:p18
zimbracollaboration
8.8.15:p19
zimbracollaboration
8.8.15:p2
zimbracollaboration
8.8.15:p20
zimbracollaboration
8.8.15:p21
zimbracollaboration
8.8.15:p22
zimbracollaboration
8.8.15:p23
zimbracollaboration
8.8.15:p24
zimbracollaboration
8.8.15:p25
zimbracollaboration
8.8.15:p26
zimbracollaboration
8.8.15:p27
zimbracollaboration
8.8.15:p28
zimbracollaboration
8.8.15:p29
zimbracollaboration
8.8.15:p3
zimbracollaboration
8.8.15:p30
zimbracollaboration
8.8.15:p31
zimbracollaboration
8.8.15:p32
zimbracollaboration
8.8.15:p33
zimbracollaboration
8.8.15:p34
zimbracollaboration
8.8.15:p35
zimbracollaboration
8.8.15:p37
zimbracollaboration
8.8.15:p4
zimbracollaboration
8.8.15:p40
zimbracollaboration
8.8.15:p41
zimbracollaboration
8.8.15:p42
zimbracollaboration
8.8.15:p43
zimbracollaboration
8.8.15:p5
zimbracollaboration
8.8.15:p6
zimbracollaboration
8.8.15:p7
zimbracollaboration
8.8.15:p8
zimbracollaboration
8.8.15:p9
zimbracollaboration
9.0.0
zimbracollaboration
9.0.0:p0
zimbracollaboration
9.0.0:p1
zimbracollaboration
9.0.0:p10
zimbracollaboration
9.0.0:p11
zimbracollaboration
9.0.0:p12
zimbracollaboration
9.0.0:p13
zimbracollaboration
9.0.0:p14
zimbracollaboration
9.0.0:p15
zimbracollaboration
9.0.0:p16
zimbracollaboration
9.0.0:p19
zimbracollaboration
9.0.0:p2
zimbracollaboration
9.0.0:p20
zimbracollaboration
9.0.0:p21
zimbracollaboration
9.0.0:p23
zimbracollaboration
9.0.0:p24
zimbracollaboration
9.0.0:p24.1
zimbracollaboration
9.0.0:p25
zimbracollaboration
9.0.0:p26
zimbracollaboration
9.0.0:p27
zimbracollaboration
9.0.0:p3
zimbracollaboration
9.0.0:p30
zimbracollaboration
9.0.0:p31
zimbracollaboration
9.0.0:p32
zimbracollaboration
9.0.0:p33
zimbracollaboration
9.0.0:p34
zimbracollaboration
9.0.0:p35
zimbracollaboration
9.0.0:p36
zimbracollaboration
9.0.0:p4
zimbracollaboration
9.0.0:p5
zimbracollaboration
9.0.0:p6
zimbracollaboration
9.0.0:p7
zimbracollaboration
9.0.0:p7.1
zimbracollaboration
9.0.0:p8
zimbracollaboration
9.0.0:p9
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
https://wiki.zimbra.com/wiki/Security_Center
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories