CVE-2023-45207 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-45207 PUBLISHED CVSS 6.099999904632568 MEDIUM

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. (This has been mitigated by sanitising the JavaScript code present in a PDF document.)

EPSS 0.44% · 63.1th percentile

Risk Scores

CVSS v3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.44%

63.1th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
zimbra	collaboration	10.0.0, 8.8.15, 8.8.15

Timeline

Oct 19, 2023 CVE Published
Feb 14, 2024 EPSS Score
Mar 11, 2024 EPSS Score
Apr 7, 2024 EPSS Score
May 3, 2024 EPSS Score
May 30, 2024 EPSS Score
Jun 26, 2024 EPSS Score
Jul 23, 2024 EPSS Score
Aug 18, 2024 EPSS Score
Sep 14, 2024 EPSS Score
Oct 10, 2024 EPSS Score
Nov 6, 2024 EPSS Score

References

Open in Interactive Console →