CVE-2023-37580 - OpenCVE

Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Zimbra	Zimbra

Configuration 1 [-]

OR	cpe:2.3:a:zimbra:zimbra::::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p11::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p26::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p3::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p30::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p31::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p32::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p33::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p34::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p35::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p37::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p38::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p40::::::
	cpe:2.3:a:zimbra:zimbra:8.8.15:p5::::::

References

Link	Resource
http://www.openwall.com/lists/oss-security/2023/11/17/2	Mailing List Patch
https://wiki.zimbra.com/wiki/Security_Center	Release Notes
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy	Not Applicable

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-07-31T00:00:00

Updated: 2023-11-17T15:06:12.780960

Reserved: 2023-07-07T00:00:00

Link: CVE-2023-37580

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-07-31T16:15:10.327

Modified: 2023-12-22T15:16:27.810

Link: CVE-2023-37580

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"cisaActionDue": "2023-08-17", "cisaExploitAdd": "2023-07-27", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zimbra:zimbra:*:*:*:*:*:*:*:*", "matchCriteriaId": "38ECDB77-75C2-4F1F-94A8-D0F7CAC58427", "versionEndExcluding": "8.8.15", "versionStartIncluding": "8.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p11:*:*:*:*:*:*", "matchCriteriaId": "D94082EB-9245-421E-A195-659ED7E97FBD", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p26:*:*:*:*:*:*", "matchCriteriaId": "F10A5925-168E-45E8-888E-E4042A1406A4", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p3:*:*:*:*:*:*", "matchCriteriaId": "074B9DC0-1700-4C29-B332-093FEA785D39", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p30:*:*:*:*:*:*", "matchCriteriaId": "85C96088-3631-4CAE-BA6C-9E7A12EC455F", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p31:*:*:*:*:*:*", "matchCriteriaId": "BCB801E7-C9C5-42FC-A4C3-CECD9F21887B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p32:*:*:*:*:*:*", "matchCriteriaId": "A22C14E7-34AE-438C-9E2A-DA4BF07889D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p33:*:*:*:*:*:*", "matchCriteriaId": "B5251B9B-87EF-4300-A791-8C2BB2B58FA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p34:*:*:*:*:*:*", "matchCriteriaId": "C9795188-0A57-48A6-B876-0A2477888D6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p35:*:*:*:*:*:*", "matchCriteriaId": "4288C356-C993-486F-B3CF-D8E44A7A53C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p37:*:*:*:*:*:*", "matchCriteriaId": "7A98258E-91BA-45F0-8417-6FFB3CF02FB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p38:*:*:*:*:*:*", "matchCriteriaId": "3EFD7BC4-0284-4551-972C-81DD7F225DA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p40:*:*:*:*:*:*", "matchCriteriaId": "ACA5EA7B-95A3-49E9-A407-A034279173FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:zimbra:8.8.15:p5:*:*:*:*:*:*", "matchCriteriaId": "9F670A63-D8E9-4360-83CF-5C5D3D8B569E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client."}], "id": "CVE-2023-37580", "lastModified": "2023-12-22T15:16:27.810", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-07-31T16:15:10.327", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2023/11/17/2"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}