PT-2022-23767 · Zimbra · Zimbra Collaboration Suite
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions 8.8.15 Description: The issue concerns a reflected XSS in the /h/search?action API endpoint, which accepts parameters called extra, title, and onload that are partially sanitized. This allows for the...