CVE-2023-24031

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-24031

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-24031.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-24031

Published

2023-06-15T21:15:09.550Z

Modified

2025-11-15T06:18:37.609015Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. XSS can occur, via one of attributes of the webmail /h/ endpoint, to execute arbitrary JavaScript code, leading to information disclosure.

References

Affected packages

Git / github.com/zimbra/zm-build

Affected ranges

Type: GIT
Repo: https://github.com/zimbra/zm-build
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

03d99a16095b73a73770fbb6131d10234cfc13fd

Last affected

202d83762fca70b7403c144e1fedddc6cd4930a6

Last affected

5561a39cba0898c3bb5e188284d98f498d7a3c9a

Last affected

a163a5dc09ec091fed86421118ec56c90384997a

Last affected

b20d016c829af1c0ffbaa0545c1deb96ccd5e2e5

Last affected

b2faf1c074bf6e2f4f76acd11b9ad5a0b4caec40

Last affected

b6cd8f69d2761c014d4a3807f0bdee0011386444

Last affected

bcb978ccc354d99d843725886083e321759b6765

Last affected

c8a93da38fd1572d864c1becbcc772ba91ee4403

Last affected

de2eedbbdb8d58c34aac58dbf3866ae721f039eb

Affected versions

8.*

8.7.10

8.7.11

8.7.6

8.7.7

8.7.9

8.8.0.beta1

8.8.10

8.8.11

8.8.11.p3

8.8.12

8.8.15

8.8.2

8.8.3

8.8.4

8.8.6

8.8.7

8.8.8

8.8.9

8.8.9.p1

8.8.9.p3

9.*

9.0.0

9.0.0.p4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-24031.json"