A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.
References
| Link | Resource |
|---|---|
| https://wiki.zimbra.com/wiki/Security_Center | Vendor Advisory |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24 | Release Notes Vendor Advisory |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
| https://wiki.zimbra.com/wiki/Security_Center | Vendor Advisory |
| https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories | Vendor Advisory |
| https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24 | Release Notes Vendor Advisory |
Configurations
History
13 Mar 2025, 15:42
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-79 |
29 Jan 2025, 17:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://wiki.zimbra.com/wiki/Security_Center - Vendor Advisory | |
| References | () https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24 - Release Notes, Vendor Advisory | |
| References | () https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories - Vendor Advisory |
08 Aug 2023, 14:21
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | NVD-CWE-Other |
Information
Published : 2022-04-21 00:15
Updated : 2025-07-30 19:08
NVD link : CVE-2022-27926
Mitre link : CVE-2022-27926
JSON object : View
Products Affected
zimbra
- collaboration
CWE
NVD-CWE-Other
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')