0.001 Low
EPSS
Percentile
33.5%
In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victimβs machine.
wiki.zimbra.com/wiki/Security_Center
wiki.zimbra.com/wiki/Zimbra_Security_Advisories