CVE-2023-48432

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-48432

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-48432.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-48432

Published

2024-02-13T16:15:08.380Z

Modified

2025-11-15T03:04:54.268539Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link (for a webmail redirection endpoint) within en email message, e.g., if a victim clicks on that link within Zimbra webmail.

References

Affected packages

Git / github.com/zimbra/zm-build

Affected ranges

Type: GIT
Repo: https://github.com/zimbra/zm-build
Events: Introduced

b68c7b31a1d94f94903a79c53f1bd316b792de1d

Fixed

63dacdd96e958c4c3a0493cbbae7ae113d3bb858

Affected versions

10.*

10.0.0-GA

10.0.1

10.0.4

10.0.5

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-48432.json"