Two XSS vulnerabilities have been discovered in Zimbra Collaboration (initially in version 8.8.8). Zimbra Collaboration is an open source messaging and collaboration solution.
CVE ID: CVE-2018-14013
Access Vector: Remote
Security Risk: Medium
CVSS Base Score: 6.1
CVSS String: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Proof of Concept 1: Reflected XSS
To reproduce the first XSS, log in to https://host.com/zimbra/ and click on the link below:
Proof of Concept 2: DOM-based XSS
First, log in to
Click on "Preferences", then on "Import / Export".
Finally, just import a file named test.<svg onload=alert(2)> to get the second XSS payload executed.
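As an added illustration (not part of the advisory and not Zimbra's code), the block below shows why the filename from the second proof of concept is harmless as text but becomes live markup once it is concatenated into HTML, next to the output encoding and input allowlist a defender would apply; the function names and the allowlist pattern are assumptions.

```javascript
// Added example, not Zimbra's code. Shows the difference between inserting an
// untrusted filename into HTML raw and inserting it encoded, plus an input-side
// allowlist. Function names and the allowlist regex are assumptions.

// Filename taken verbatim from the advisory's second proof of concept.
const POC_FILENAME = "test.<svg onload=alert(2)>";

// Vulnerable pattern: raw string concatenation into an HTML template. A browser
// parsing this fragment creates the <svg> element and runs its onload handler.
function renderFilenameUnsafe(name) {
  return `<span class="filename">${name}</span>`;
}

// Contextual output encoding for HTML text content and quoted attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: encode at the exact point where the value enters the HTML.
function renderFilenameSafe(name) {
  return `<span class="filename">${escapeHtml(name)}</span>`;
}

// Defence in depth on the input side: an import feature can reject names that
// fall outside a conservative character allowlist instead of storing them.
const SAFE_FILENAME = /^[A-Za-z0-9][A-Za-z0-9._ -]{0,254}$/;
function isAcceptableFilename(name) {
  return SAFE_FILENAME.test(name) && !name.includes("..");
}

// Review helper: count the tags a fragment would create. The safe rendering
// yields exactly the wrapper span; any extra tag came from the untrusted value.
function countTags(fragment) {
  return (fragment.match(/<\/?[a-z][^>]*>/gi) || []).length;
}

// Side-by-side comparison when run stand-alone.
console.log("unsafe:", renderFilenameUnsafe(POC_FILENAME), "tags:", countTags(renderFilenameUnsafe(POC_FILENAME)));
console.log("safe:  ", renderFilenameSafe(POC_FILENAME), "tags:", countTags(renderFilenameSafe(POC_FILENAME)));
console.log("accepted on input:", isAcceptableFilename(POC_FILENAME));
```

The same encoding rule applies to the reflected case in the first proof of concept: any request-controlled value written into the response must be encoded for the HTML context it lands in.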
Affected versions: < 8.8.11.
Solution: update to version 8.8.11, which includes all fixes.
- 12/07/2018 : Initial discovery
- 21/07/2018 : Vendor notification
- 21/07/2018 : Vendor acknowledgment
- 18/10/2018 : Vendor partial fixes in ZCS 8.8.10 patch 1 and 8.8.9 patch 6 (XSS 1)
- 18/12/2018 : Vendor full fixes in ZCS 8.8.11 (XSS 2)
- 30/01/2019 : Public disclosure
- Issam Rabhi
Thanks to the Zimbra security team for the perfect report handling!