CVE-2022-37044

In Zimbra Collaboration Suite ZCS 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine...

U.S. Dept Of Defense: Cross-Site Scripting via 'description_extra' parameter

A Cross-Site Scripting XSS vulnerability was discovered in the 'descriptionextra' parameter of the application. The vulnerability allowed an attacker to inject malicious scripts that could be executed, potentially leading to unintended consequences. The vulnerability was reported and the necessar...

CVE-2023-43353

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component...

CVE-2023-43353

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component...

PT-2022-23767 · Zimbra · Zimbra Collaboration Suite

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions 8.8.15 Description: The issue concerns a reflected XSS in the /h/search?action API endpoint, which accepts parameters called extra, title, and onload that are partially sanitized. This allows for the...

CVE-2018-18271

XSS exists in CMS Made Simple version 2.2.7 via the m1extra parameter in an admin/moduleinterface.php "Content--News--Add Article" action...