2020-07-02 15:15:44
mitre
PUBLISHED
An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a users profile. The injected code can be reflected and executed when changing an e-mail signature.