Zimbra 8.8.15 Reflected XSS via /h/search?onload param
CVE-2022-37044 Published on August 12, 2022

In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine.

NVD

Products Associated with CVE-2022-37044

stack.watch emails you whenever new vulnerabilities are published in Zimbra Collaboration or Zimbra Collaboration Suite. Just hit a watch button to start following.

Zimbra Collaboration

Zimbra Collaboration Suite

Exploit Probability

EPSS

1.06%

Percentile

77.37%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Zimbra 8.8.15 Reflected XSS via /h/search?onload paramCVE-2022-37044 Published on August 12, 2022

Products Associated with CVE-2022-37044

Exploit Probability

Zimbra 8.8.15 Reflected XSS via /h/search?onload param
CVE-2022-37044 Published on August 12, 2022