CVE-2022-37044 — Vulnetix

Try Vulnetix Request Demo

CVE-2022-37044 PUBLISHED CVSS 6.099999904632568 MEDIUM

In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine.

EPSS 0.94% · 76.1th percentile

Risk Scores

CVSS v3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.94%

76.1th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
zimbra	collaboration	8.8.15

Timeline

Aug 11, 2022 CVE Published
Aug 12, 2022 EPSS Score
Sep 27, 2022 EPSS Score
Nov 11, 2022 EPSS Score
Dec 27, 2022 EPSS Score
Feb 10, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 12, 2023 EPSS Score
Jun 27, 2023 EPSS Score
Aug 11, 2023 EPSS Score
Sep 26, 2023 EPSS Score

References

Open in Interactive Console →