Cross-site scripting vulnerability in Zimbra Collaboration Suite 8.8.15 affecting the /h/autoSaveDraft function. Despite being in CISA KEV, this is an XSS vulnerability that compromises user sessions rather than the server itself, requiring authenticated user interaction for exploitation.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: USER_INTERACTION
CVE Published: 2023-07-06
Added to CISA KEV: 2025-02-25 600 DAYS BETWEEN CVE AND KEV
CVE-2023-34192 is a critical Cross-Site Scripting (XSS) vulnerability affecting Zimbra Collaboration Suite (ZCS) version 8.8.15 [1] [4].
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script. ... Secure .gov websites use HTTPS A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on official, sβ¦
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the victim's browser, leading to ...
CVE-2023-34192 is a critical Cross-Site Scripting (XSS) vulnerability affecting Zimbra Collaboration Suite (ZCS) version 8.8.15. This flaw allows remote, authenticated attackers to inject malicious scripts via the /h/autoSaveDraft function, potentially leading to arbitrary code execution. The vulnerβ¦
CVE-2023-34192 is a cross-site scripting vulnerability in Zimbra Collaboration Suite. Learn about its impact, affected versions, and mitigation methods. ... CVE-2023-34192 is a critical Cross-Site Scripting (XSS) vulnerability affecting Zimbra Collaboration Suite (ZCS) version 8.8.15. This ...