Zimbra Collaboration Suite CVE-2017-7288 Unspecified HTML Injection Vulnerability

Zimbra Collaboration Suite is prone to an unspecified HTML-injection vulnerability.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Versions prior to Zimbra Collaboration Suite 8.7.1 are vulnerable.

Information

Bugtraq ID: 98081
Class: Input Validation Error
CVE: CVE-2017-7288

Remote: Yes
Local: No
Published: Apr 28 2017 12:00AM
Updated: May 01 2017 12:12AM
Credit: Sammy Forgit
Vulnerable: Zimbra Collaboration Suite 8.0.5
Zimbra Collaboration Suite 8.0.4
Zimbra Collaboration Suite 8.0.3
Zimbra Collaboration Suite 8.0.2
Zimbra Collaboration Suite 8.0.1
Zimbra Collaboration Suite 8.0.0
Zimbra Collaboration Server 7.2.6
Zimbra Collaboration Server 7.2.5
Zimbra Collaboration Server 7.1.4
Zimbra Collaboration Server 7.2.4
Zimbra Collaboration Server 7.2.3
Zimbra Collaboration Server 7.2.2
Zimbra Collaboration Server 7.2.1
Zimbra Collaboration Server 7.2.0
Zimbra Collaboration Server 7.1.3
Zimbra Collaboration Server 7.1.2
Zimbra Collaboration Server 7.1.1
Zimbra Collaboration Server 7.1.0
Zimbra Collaboration Server 7.0.1
Zimbra Collaboration Server 7.0.0

Not Vulnerable: Zimbra Collaboration Suite 8.7.1

Exploit

An attacker can exploit this issue using a web browser.

References:

Zimbra Collaboration Suite Product Page (Zimbra)
Zimbra Collaboration - Security Vulnerability Advisories (zimbra)

Source: www.securityfocus.com

Exploit Collector

Search Exploit