Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

CVE-2018-6882

Disclosure Date: March 27, 2018 •

CVE-2018-6882 CVSS v3 Base Score: 6.1

Exploited in the Wild

Reported by gwillcox-r7 and 2 more...
View Source Details

Description

Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

6.1 Medium

Impact Score:

2.7

Exploitability Score:

2.8

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

Required

Scope (S):

Changed

Confidentiality (C):

Low

Integrity (I):

Low

Availability (A):

None

Vendors

synacor

Products

Exploited in the Wild

Reported by:

gwillcox-r7 indicated sources as

Government or Industry Alert (https://cert.gov.ua/article/39606)
News Article or Blog (https://socprime.com/blog/cve-2018-6882-xss-vulnerability-in-zimbra-collaboration-suite-leveraged-to-target-ukrainian-government-cert-ua-warns/)

Reported: April 16, 2022 6:11pm UTC (2 years ago)

mkienow-r7 indicated source as Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

Reported: April 20, 2022 2:32am UTC (2 years ago)

AttackerKB Worker indicated source as Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2022/04/19/cisa-adds-three-known-exploited-vulnerabilities-catalog)

Reported: November 08, 2024 8:28am UTC (3 months ago)

References

Rapid7

Unknown

CVE-2018-6882

Unknown

Unknown

Required

None

Network

CVE-2018-6882

Description