CVE
CVE-2023-34192
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.
Package Versions Affected
Package Version
patch Availability
No items found.
Automatically patch vulnerabilities without upgrading
Fix Without Upgrading
Detect compatible fix
Apply safe remediation
Fix with a single pull request
CVSS Version
Severity
Base Score
CVSS Version
Score Vector
C
H
U
9
-
3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
C
H
U
0
-
3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
C
H
U
-
Related Resources
No items found.
References
https://wiki.zimbra.com/wiki/ZimbraResponsibleDisclosurePolicy, https://www.cisa.gov/known-exploited-vulnerabilities-catalog?fieldcve=CVE-2023-34192, https://wiki.zimbra.com/wiki/SecurityCenter, https://wiki.zimbra.com/wiki/ZimbraSecurity_Advisories
Basic Information
Ecosystem
