CVE-2022-27926

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2022-27926

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-27926.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-27926

Published

2022-04-21T00:15:08.450Z

Modified

2025-12-09T12:02:41.231130Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.

References

Affected packages

Git

github.com/zimbra/zm-build

Affected ranges

Type: GIT
Repo: https://github.com/zimbra/zm-build
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

03d99a16095b73a73770fbb6131d10234cfc13fd

Last affected

5561a39cba0898c3bb5e188284d98f498d7a3c9a

Last affected

b6cd8f69d2761c014d4a3807f0bdee0011386444

Last affected

bcb978ccc354d99d843725886083e321759b6765

Last affected

c8a93da38fd1572d864c1becbcc772ba91ee4403

Last affected

d3209df466110d214b2ab6593f931a59c2127db8

Affected versions

8.*

8.7.10

8.7.11

8.7.6

8.7.7

8.7.9

8.8.0.beta1

8.8.10

8.8.11

8.8.11.p3

8.8.12

8.8.15

8.8.2

8.8.3

8.8.4

8.8.6

8.8.7

8.8.8

8.8.9

8.8.9.p1

8.8.9.p3

9.*

9.0.0

9.0.0.p4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-27926.json"

github.com/zimbra/zm-mailbox

Affected ranges

Type: GIT
Repo: https://github.com/zimbra/zm-mailbox
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0cec5b69accc49c162439cd29dd181bba36be235

Last affected

10b7ff251aee6f4770ad75377a1f81491ad5bdb9

Last affected

2461b44fc509a2eac508891d17716afbf972d164

Last affected

2ec276e0cd140c34d2e8aa6e2260a10901e43a9d

Last affected

4576339cd43ab64c19dc87591825ab51cb79f07a

Last affected

459d2044a9a205efee2b8998be41762876174dde

Last affected

497eef64675f6ae63972c50c24e26048640748f6

Last affected

52c811a0259419b4e3d177f80c0ba7562d375cfa

Last affected

63c14463c4393c0fcdec4a470e448d1d7dab76d1

Last affected

751eb18e4c5495c9682d1d03074a53368c004f9d

Last affected

7d74bc7bfd7f78c7261d0e52baf42716630fc3f0

Last affected

82e2bdc9c525585c3d3c2bb383ed80b1feaf878e

Last affected

89f6ce4d6813725c5102f8f2ac3be22bee482b29

Last affected

943f2188be659dbccc17e6082dc0c542f9debea4

Last affected

a6fdb2b0bbe8c189fd212d798f71f183fd3318ba

Last affected

aafbf2cdd8dcc565ad65ff5993b6cc91da430e1e

Last affected

dbe58ce9fb59913993aa2d7a5f2c28a292ee4a86

Last affected

e641be6dd504882bd357015c8012195d5bb49da2

Last affected

f09a72320f4769dd3a8402c3805f2e47afcaf2ab

Last affected

f323d75b09d42a6313b47d9a74aae96ec66aa1f8

Affected versions

8.*

8.7.10

8.7.11

8.7.6

8.7.7

8.7.9

8.8.0.beta1

8.8.10

8.8.11

8.8.12

8.8.2

8.8.3

8.8.4

8.8.5

8.8.6

8.8.7

8.8.8

8.8.9

9.*

9.0.0

9.0.0.p1

9.0.0.p10

9.0.0.p11

9.0.0.p13

9.0.0.p14

9.0.0.p16

9.0.0.p18

9.0.0.p19

9.0.0.p2

9.0.0.p20

9.0.0.p22

9.0.0.p23

9.0.0.p3

9.0.0.p4

9.0.0.p5

9.0.0.p6

9.0.0.p7

9.0.0.p8

9.0.0.p9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-27926.json"

github.com/zimbra/zm-zcs

Affected ranges

Type: GIT
Repo: https://github.com/zimbra/zm-zcs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

7cf503e14f689f39bad171475fb4e151bfcc22ee

Affected versions

8.*

8.7.10

8.7.11

8.7.6

8.7.7

8.7.9

8.8.0.beta1

8.8.0beta2

8.8.10

8.8.11

8.8.12

8.8.15

8.8.2

8.8.3

8.8.4

8.8.5

8.8.6

8.8.7

8.8.8

8.8.9

9.*

9.0.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-27926.json"

github.com/zimbra/zm-zcs-lib

Affected ranges

Type: GIT
Repo: https://github.com/zimbra/zm-zcs-lib
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

08274721e99c2522952c640cd42e4d0cf676d432

Last affected

08eb5d93ab2f2bc818bb1667887764bbee4f3aa9

Last affected

36c11f7361993e9519db5045990575cd11ef1f1a

Last affected

386ad1144028a914410a97f6eb1315d4a49816a8

Last affected

5be2b97e2a4b7ce10b1db69326e8affdc5d3cd24

Last affected

82f2192747ae7a6e81355ac0d2e4f02ea2e6609f

Last affected

c038911e725cea6db549342703bfacf0c351ce50

Last affected

f7d07af90e612dba63830d5f7babb18d7c512eb4

Affected versions

8.*

8.7.10

8.7.11

8.7.6

8.7.7

8.7.9

8.8.0.beta1

8.8.10

8.8.11

8.8.12

8.8.15

8.8.2

8.8.3

8.8.4

8.8.5

8.8.6

8.8.7

8.8.8

8.8.9

9.*

9.0.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-27926.json"