Vulnerability Description
An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginErrorCode parameter of the login url.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zimbra | Collaboration | >= 8.8, < 8.8.15 |
Related Weaknesses (CWE)
References
- https://wiki.zimbra.com/wiki/Security_CenterRelease NotesVendor Advisory
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23Vendor Advisory
- https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16Vendor Advisory
- https://wiki.zimbra.com/wiki/Zimbra_Security_AdvisoriesVendor Advisory
- https://wiki.zimbra.com/wiki/Security_CenterRelease NotesVendor Advisory
- https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23Vendor Advisory
- https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16Vendor Advisory
- https://wiki.zimbra.com/wiki/Zimbra_Security_AdvisoriesVendor Advisory
FAQ
What is CVE-2021-35207?
CVE-2021-35207 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an att...
How severe is CVE-2021-35207?
CVE-2021-35207 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-35207?
Check the references section above for vendor advisories and patch information. Affected products include: Zimbra Collaboration.