Security Advisory

CVE-2022-37044

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-08-11 19:44:46

Last updated 2024-08-03 10:21:32

Assigner mitre

State PUBLISHED

Description

In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victims machine.

← Browse all CVEs View on cve.org ↗