Zimbra recently released Zimbra Collaboration 8.6 Patch 5. It fixed two Cross-Site Scripting (XSS) vulnerabilities that were discovered and reported by a security researcher at Fortinet's FortiGuard Labs in October 2015. CVE-2015-7609 was assigned to identify these two XSS vulnerabilities. One of them is caused by insufficient sanitization of the content of the email message body. It allows remote attackers to launch an XSS attack against Zimbra Collaboration users by simply sending a specially crafted email. In this blog post, we elaborate on this vulnerability.
Zimbra Collaboration XSS Vulnerability: Be Careful If You're Using Zimbra Email | Fortinet Blog