Vulnerability Description
An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user's profile. The injected code can be reflected and executed when changing an e-mail signature.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Synacor | Zimbra Collaboration Suite | < 8.8.15 |
Related Weaknesses (CWE)
References
- https://wiki.zimbra.com/wiki/Security_CenterRelease NotesVendor Advisory
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P11Release NotesVendor Advisory
- https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P4Release NotesVendor Advisory
- https://wiki.zimbra.com/wiki/Zimbra_Security_AdvisoriesVendor Advisory
- https://wiki.zimbra.com/wiki/Security_CenterRelease NotesVendor Advisory
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P11Release NotesVendor Advisory
- https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P4Release NotesVendor Advisory
- https://wiki.zimbra.com/wiki/Zimbra_Security_AdvisoriesVendor Advisory
FAQ
What is CVE-2020-13653?
CVE-2020-13653 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user's profi...
How severe is CVE-2020-13653?
CVE-2020-13653 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-13653?
Check the references section above for vendor advisories and patch information. Affected products include: Synacor Zimbra Collaboration Suite.