CVE-2017-20191
The vulnerability CVE-2017-20191 affects Zimbra zm-admin-ajax up to version 8.8.1, specifically the XFormItem.prototype.setError function in WebRoot/js/ajax/dwt/xforms/XFormItem.js (Form Textbox Field Error Handler). The issue arises from manipulating the argument message, enabling cross-site scr...