CVE-2023-45207

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-45207
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-45207.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-45207
Published
2024-02-13T16:15:08Z
Modified
2025-01-08T09:40:00.106594Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. (This has been mitigated by sanitising the JavaScript code present in a PDF document.)

References

Affected packages

Git / github.com/zimbra/zm-build

Affected ranges

Type
GIT
Repo
https://github.com/zimbra/zm-build
Events

Affected versions

10.*

10.0.0-GA
10.0.1
10.0.4