In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the unCheck parameter to a string (instead of the default value of 10).

To confirm the XSS, send an HTTP request to the URL /h/calendar/view/ with the following parameters:

GET /h/calendar/view?${view}&unCheck=1&unCheck=10

If a value of '1' is sent, the result will be a call to the script 'javascript:alert("XSS!");'. If /h/calendar/view is changed to a different value, like '2', '3', or '4', the same result will be achieved.

CVE-2023-41350

Zimbra Collaboration Suite (ZCS) 8.8.15 is vulnerable to a cross-site scripting vulnerability that could allow an attacker to view data contained in public folders of an affected application, such as inbox or sent items, by appending a malicious script tag to the URL of a public folder and then opening it in the browser.
To confirm the XSS, send an HTTP request to the URL /h/public_folders/ with the following parameters:

GET /h/public_folders/?${folder}&unCheck=1&unCheck=10

If a value of '1' is sent, the result will be a call to the script 'javascript:alert("XSS!");'. If /h/public_folders/ is changed to a different value, like '2', '3', or '4', the same result will be achieved.
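Both confirmation requests above (the /h/calendar/view one and the /h/public_folders/ one) share the same shape: a watched ZCS path, a repeated or non-numeric unCheck parameter, and a script-like value in another parameter. The following is an added detection example written for this page; it is not Zimbra code and does not describe how ZCS actually parses these parameters. It assumes web-server access logs in the common combined format, and the log lines, IP addresses and detection heuristics below are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format); not from any real deployment.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Oct/2022:20:15:01 +0000] "GET /h/calendar/view?view=month&unCheck=10 HTTP/1.1" 200 5123
10.0.0.7 - - [12/Oct/2022:20:15:04 +0000] "GET /h/calendar/view?view=javascript:alert(1)&unCheck=1&unCheck=10 HTTP/1.1" 200 5210
10.0.0.9 - - [12/Oct/2022:20:15:09 +0000] "GET /h/public_folders/?folder=%3Cscript%3Ealert(1)%3C/script%3E&unCheck=abc HTTP/1.1" 200 4711
10.0.0.3 - - [12/Oct/2022:20:15:12 +0000] "GET /h/search?query=report HTTP/1.1" 200 1000
"""

# The two ZCS paths named in the advisory text above.
WATCHED_PATHS = ("/h/calendar/view", "/h/public_folders/")

# Minimal combined-log parser: source IP, timestamp, method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

# Heuristic (assumption, not a Zimbra signature): values that look like script injection.
SUSPICIOUS_VALUE = re.compile(r'javascript:|<\s*script|on\w+\s*=', re.IGNORECASE)


def analyse_request(target):
    """Return a list of findings for one request target (path plus query string).

    An empty list means the request is not on a watched path or looks benign.
    """
    parts = urlsplit(target)
    if not parts.path.startswith(WATCHED_PATHS):
        return []

    # keep_blank_values so a bare "${view}"-style key still shows up in the list
    params = parse_qsl(parts.query, keep_blank_values=True)
    findings = []

    # The advisory's requests repeat unCheck, or set it to a string instead of 10.
    uncheck_values = [v for k, v in params if k.lower() == "uncheck"]
    if len(uncheck_values) > 1:
        findings.append("duplicate unCheck parameter")
    if any(not v.isdigit() for v in uncheck_values):
        findings.append("non-numeric unCheck value")

    # Any other parameter carrying a script-like payload (decoded by parse_qsl).
    for k, v in params:
        if SUSPICIOUS_VALUE.search(v):
            findings.append("script-like payload in parameter '%s'" % k)

    return findings


def scan_log(text):
    """Scan access-log text and return one hit record per suspicious request."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        src, ts, method, target, status = m.groups()
        findings = analyse_request(target)
        if findings:
            hits.append({"src": src, "ts": ts, "method": method,
                         "target": target, "status": status,
                         "findings": findings})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["ts"], hit["src"], hit["target"])
        for f in hit["findings"]:
            print("   -", f)
```

Running the block against the constructed log flags the second and third lines only: the benign calendar request with a single numeric unCheck=10 and the unrelated /h/search request produce no findings. The unCheck checks are the ones most specific to this advisory; the script-pattern regex is a generic, easily evaded heuristic, so treat a match as a triage signal for the affected 8.8.15 hosts rather than proof of exploitation.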

Timeline

Published on: 10/12/2022 20:15:00 UTC
Last modified on: 10/14/2022 09:15:00 UTC

References