[CVE-2018-14013] Cross-Site Scripting (XSS) vulnerabilities in Zimbra Collaboration
Description
Two XSS vulnerabilities have been discovered in Zimbra Collaboration (initially in version 8.8.8).
Zimbra Collaboration is an open source messaging and collaboration solution.
Vulnerability records
CVE ID: CVE-2018-14013
Access Vector: Remote
Security Risk: Medium
Vulnerability: CWE-79
CVSS Base Score: 6.1
CVSS String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
Two Reflected XSS vulnerabilities allow remote attackers to inject arbitrary JavaScript in web browsers.
Proof of Concept 1: Reflected XSS
To reproduce the first XSS, log in to https://host.com/zimbra/ and click on the link below:
https://host.com/zimbra/h/search?si=1&so=0&sfi=4&st=message&csi=1&action=&cso=0&id=""><svg onload=alert(1)>
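For defenders running versions before the fix, the following added example (not part of the original advisory) scans web access logs for requests to `/h/search` whose `id` parameter carries HTML metacharacters, including double-encoded values. The log lines are constructed samples, the function names are hypothetical, and it assumes a combined-style access log and that legitimate `id` values never contain `<`, `>` or quotes.

```javascript
// Constructed sample log lines (combined log format assumed).
const SAMPLE_LOG = [
  '192.0.2.10 - - [30/Jan/2019:10:00:01 +0000] "GET /zimbra/h/search?si=1&so=0&sfi=4&st=message&csi=1&action=&cso=0&id=257 HTTP/1.1" 200 5120',
  '192.0.2.44 - - [30/Jan/2019:10:02:17 +0000] "GET /zimbra/h/search?si=1&so=0&st=message&id=%22%22%3E%3Csvg%20onload%3Dalert(1)%3E HTTP/1.1" 200 5342',
  '192.0.2.44 - - [30/Jan/2019:10:02:40 +0000] "GET /zimbra/h/search?st=message&id=%2522%253E%253Csvg%2520onload%253Dalert(1)%253E HTTP/1.1" 200 5342',
  '192.0.2.10 - - [30/Jan/2019:10:03:05 +0000] "GET /zimbra/h/options?id=%3Cb%3E HTTP/1.1" 200 900',
];

const REQUEST_LINE = /"([A-Z]+) (.+) HTTP\/\d(?:\.\d)?"/;
const MARKUP_CHARS = /[<>"']/; // assumption: never present in a legitimate id

// Percent-decode repeatedly so double-encoded values are normalised too.
function fullyDecode(value, maxRounds = 3) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (e) {
      break; // malformed escape sequence: keep what was decoded so far
    }
    if (next === current) break;
    current = next;
  }
  return current;
}

// Returns [{ line, id }] for every /h/search request with markup in "id".
function findSuspiciousSearchRequests(lines) {
  const hits = [];
  lines.forEach((line, index) => {
    const match = REQUEST_LINE.exec(line);
    if (!match) return;
    let url;
    try {
      url = new URL(match[2], 'http://log.invalid'); // placeholder base
    } catch (e) {
      return; // unparseable request target
    }
    if (!url.pathname.endsWith('/h/search')) return;
    for (const raw of url.searchParams.getAll('id')) {
      const id = fullyDecode(raw);
      if (MARKUP_CHARS.test(id)) hits.push({ line: index + 1, id });
    }
  });
  return hits;
}

console.log(findSuspiciousSearchRequests(SAMPLE_LOG));
```
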
Proof of Concept 2: DOM-based XSS
- First, log in to https://host.com/zimbra/
- Click on « Preferences », then on « Import / Export ».
- Finally, just import a file named test.<svg onload=alert(2)> to get the second XSS payload executed.
Affected versions
Versions < 8.8.11.
Solution
Update to version 8.8.11, which includes all fixes.
Timeline (dd/mm/yyyy)
- 12/07/2018 : Initial discovery
- 21/07/2018 : Vendor notification
- 21/07/2018 : Vendor acknowledgment
- 18/10/2018 : Vendor partial fixes in ZCS 8.8.10 patch 1 and 8.8.9 patch 6 (XSS 1)
- 18/12/2018 : Vendor full fixes in ZCS 8.8.11 (XSS 2)
- 30/01/2019 : Public disclosure
Credits
- Issam Rabhi i.rabhi@sysdream.com
Thanks to the Zimbra security team for the perfect report handling!