Zimbra Collaboration Suite - Cross-site Scripting

Cross-site scripting XSS vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite ZCS before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment. id:...

New Hacking Campaign Targeting Ukrainian Government with IcedID Malware

The Computer Emergency Response Team of Ukraine CERT-UA has warned of a new wave of social engineering campaigns delivering IcedID malware and leveraging Zimbra exploits with the goal of stealing sensitive information. Attributing the IcedID phishing attacks to a threat cluster named UAC-0041, th...

Zimbra < 8.7.11 Patch 1 XSS Vulnerability

Zimbra is prone to a cross-site scripting XSS vulnerability. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

Zimbra Collaboration Suite Cross-Site Scripting Vulnerability

Zimbra Collaboration Suite ZCS is an open source collaboration suite from the US company Zimbra, which includes WebMail, Calendar, Address Book and more. A cross-site scripting vulnerability exists in the 'ZmMailMsgView.getAttachmentLinkHtml' function in ZCS versions prior to 8.7 Patch 1 and 8.8....

CVE-2018-6882

Cross-site scripting XSS vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite ZCS before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment...

Cross site scripting

Cross-site scripting XSS vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite ZCS before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment...

CVE-2018-6882

Cross-site scripting XSS vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite ZCS before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment...

CVE-2018-6882

Cross-site scripting XSS vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite ZCS before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment. Recent...

PT-2018-3811 · Zimbra · Zimbra Collaboration Suite

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite ZCS versions 8.7 before Patch 1 through 8.8.x before 8.8.7 Description: The issue is related to a cross-site scripting XSS vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function. This vulnerability might...

http-apache-negotiation NSE Script

Checks if the target http server has modnegotiation enabled. This feature can be leveraged to find hidden resources and spider a web site using fewer requests. The script works by sending requests for resources like index and home without specifying the extension. If modnegotiate is enabled defau...