CVE-2012-1213
Zimbra Collaboration Suite 6.x-6.0.15 7.x-7.1.3 - Cross-Site Scripting via Calendar View Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2012-1213. PoCs published by sonyy.
AI-analyzed exploit summary The exploit demonstrates a reflected XSS vulnerability in Zimbra's calendar view parameter. The crafted URL injects JavaScript via obfuscated payloads, bypassing input sanitization to execute arbitrary script code in the context of the affected site.
Description
Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter.
Exploits (1)
The exploit demonstrates a reflected XSS vulnerability in Zimbra's calendar view parameter. The crafted URL injects JavaScript via obfuscated payloads, bypassing input sanitization to execute arbitrary script code in the context of the affected site.