CVE-2012-0903
Zimbra Desktop 7.1.2 b10978 - Cross-Site Scripting via Username or MailBox Name
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Desktop 7.1.2 b10978 allow remote attackers to inject arbitrary web script or HTML via the (1) Username or (2) MailBox Name.
References (5)
Core 5
Core References
Exploit x_refsource_misc
http://packetstormsecurity.org/files/view/108715/VL-378.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/51436
Exploit x_refsource_misc
http://www.vulnerability-lab.com/get_content.php?id=378
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2012/Jan/244
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72405
Scores
EPSS
0.0037
EPSS Percentile
58.7%
Details
CWE
CWE-79
Status
published
Products (1)
vmware/zimbra_desktop
7.1.2 b10978
Published
Jan 20, 2012
Tracked Since
Feb 18, 2026