CVE-2017-8802
MEDIUMZimbra Collaboration Suite < 8.8.0 Beta2 - Stored Cross-Site Scripting via Show Snippet Functionality
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2017-8802. PoCs published by ozzi-.
AI-analyzed exploit summary This repository provides a Zimlet (Zimbra extension) to mitigate CVE-2017-8802 by disabling the 'Show Fragment' functionality. It includes a JavaScript file that overrides the default behavior to prevent exploitation.
Description
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.8.0 Beta2 might allow remote attackers to inject arbitrary web script or HTML via vectors related to the "Show Snippet" functionality.
Exploits (1)
This repository provides a Zimlet (Zimbra extension) to mitigate CVE-2017-8802 by disabling the 'Show Fragment' functionality. It includes a JavaScript file that overrides the default behavior to prevent exploitation.
References (4)
Scores
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N