Synacor ZCS version 8.8.7-CVE-2018-6882
NAME
Synacor – Zimbra Collaboration Suite (ZCS)
- Platforms Affected:
Zimbra Collaboration Suite (ZCS) - Risk Level:
medium - CVE Type:
XSS
DESCRIPTION
CVE-2018-6882 is a cross-site scripting (XSS) vulnerability impacting Synacor Zimbra Collaboration Suite (ZCS) versions 8.7 through 8.8.6. A proof of concept (PoC) was observed in open source. Additionally, security researchers at Computer Emergency Response Team for Ukraine (CERT-UA) claimed the vulnerability was used to target Ukrainian government organizations.
CVSS Information:
- CVSS 2.0 SCORE: 4.3
- CVSS 3.0 SCORE: 6.1
- Exploit Disclosed in the Public:
true - Exploit Weaponised:
true - PoC Link:
hXXps://cert[.]gov[.]ua/article/39606
MITIGATION
Synacor addressed the vulnerability in Zimbra Collaboration Suite (ZCS) version 8.8.7.
- Reference Link:
https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.7 - Patch Available:
available
If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.