CVE-2023-45207 — Vulnetix

CVE-2023-45207 PUBLISHED CVSS 6.099999904632568 MEDIUM

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. (This has been mitigated by sanitising the JavaScript code present in a PDF document.)

EPSS 0.44% · 63.7th percentile

Risk Scores

CVSS 3.1

6.099999904632568

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Score

0.44%

63.7th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
zimbra	collaboration	10.0.0, 8.8.15, 8.8.15

Exploit Intelligence

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories (circl)
https://wiki.zimbra.com/wiki/Security_Center (circl)
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy (circl)

Timeline

Oct 19, 2023 CVE Published
Feb 14, 2024 EPSS Score
Mar 12, 2024 EPSS Score
Apr 8, 2024 EPSS Score
May 5, 2024 EPSS Score
Jun 1, 2024 EPSS Score
Jun 29, 2024 EPSS Score
Jul 26, 2024 EPSS Score
Aug 22, 2024 EPSS Score
Sep 19, 2024 EPSS Score
Oct 16, 2024 EPSS Score
Nov 12, 2024 EPSS Score

References

https://blog.zimbra.com/2023/10/patch-for-zimbra-daffodil-10-0-5-9-0-0-patch-37-8-8-15-patch-44/ advisory
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories url
https://wiki.zimbra.com/wiki/Security_Center url
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy url
https://nvd.nist.gov/vuln/detail/CVE-2023-45207 advisory

Open in Interactive Console →