CVE-2017-8802

{"id": "CVE-2017-8802", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2018-01-16T19:29:01.480", "references": [{"url": "http://www.securityfocus.com/archive/1/541661/100/0/threaded", "source": "cve@mitre.org"}, {"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=107925", "tags": ["Permissions Required"], "source": "cve@mitre.org"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-001_zimbra_stored_xss.txt", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/541661/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=107925", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-001_zimbra_stored_xss.txt", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.8.0 Beta2 might allow remote attackers to inject arbitrary web script or HTML via vectors related to the \"Show Snippet\" functionality."}, {"lang": "es", "value": "Vulnerabilidad de Cross-Site Scripting (XSS) en Zimbra Collaboration Suite (tambi\u00e9n conocido como ZCS) en versiones anteriores a la 8.8.0 Beta2 puede permitir que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante vectores relacionados con la funcionalidad \"Show Snippet\"."}], "lastModified": "2024-11-21T03:34:44.037", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:synocor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "289718C8-9E62-419A-A882-252CFCB152D4", "versionEndIncluding": "8.7.11"}, {"criteria": "cpe:2.3:a:synocor:zimbra_collaboration_suite:8.8.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C23673FA-DC03-4586-A175-690B3328E7B1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}