CVE-2017-20191

CVSS 2.0 Score 4.0 of 10 (medium)

Details

Published Mar 31, 2024
Updated: May 17, 2024
CWE ID 79

Summary

CVE-2017-20191 is a cross-site scripting (XSS) vulnerability affecting Zimbra zm-admin-ajax versions up to 8.8.1. The issue lies in the XFormItem.prototype.setError function of the Form Textbox Field Error Handler component. Manipulating the message argument leads to cross-site scripting, and the attack can be initiated remotely. To mitigate this vulnerability, upgrading to Zimbra version 8.8.2 is recommended. The patch identifier is bb240ce0c71c01caabaa43eed30c78ba8d7d3591. The vulnerability was assigned the identifier VDB-258621.
