vulnerability
Zimbra Collaboration: CVE-2017-8802: Persistent XSS - snippet CWE-79
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Jan 16, 2018 | Jan 10, 2025 | Jul 17, 2025 |
Severity
3
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Jan 16, 2018
Added
Jan 10, 2025
Modified
Jul 17, 2025
Description
Cross-site scripting (xss) vulnerability in zimbra collaboration suite (aka zcs) before 8.8.0 beta2 might allow remote attackers to inject arbitrary web script or html via vectors related to the "show snippet" functionality.
Solution
zimbra-collaboration-upgrade-latest
References
- CWE-79
- CVE-2017-8802
- https://attackerkb.com/topics/CVE-2017-8802
- URL-http://www.securityfocus.com/archive/1/541661/100/0/threaded
- URL-https://bugzilla.zimbra.com/show_bug.cgi?id=107925
- URL-https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
- URL-https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-001_zimbra_stored_xss.txt
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.