CVE-2012-1213 – Zimbra - 'view' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-1213
Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter.
• https://www.exploit-db.com/exploits/36695
  http://packetstormsecurity.org/files/109710/Zimbra-Cross-Site-Scripting.html
  http://st2tea.blogspot.com/2012/02/zimbra-cross-site-scripting.html
  http://www.securityfocus.com/bid/51974
  https://bugzilla.zimbra.com/show_bug.cgi?id=63849
  https://exchange.xforce.ibmcloud.com/vulnerabilities/73168
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-1226
https://notcve.org/view.php?id=CVE-2008-1226
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6, and possibly other versions before 4.5.10 allow remote attackers to inject arbitrary web script or HTML via an e-mail attachment, possibly involving a (1) .jpg or (2) .gif image attachment.
• http://jvn.jp/jp/JVN%2395014590/index.html
  http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000004.html
  http://secunia.com/advisories/29263
  http://www.securityfocus.com/bid/28134
  http://www.zimbra.com/jp/products/vulnerability.html
  https://exchange.xforce.ibmcloud.com/vulnerabilities/41044
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')