CVE-2019-7219

MEDIUM NUCLEI

Zarafa Webapp - Unauthenticated Reflected Cross-Site Scripting

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-7219. PoCs published by verifysecurity. A Nuclei detection template is also available.

AI-analyzed exploit summary This repository contains a proof-of-concept for CVE-2019-7219, a reflected XSS vulnerability in Zarafa Webapp. The exploit demonstrates the injection of a simple JavaScript alert via a crafted URL parameter.

Description

Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.

Exploits (1)

nomisec WORKING POC
by verifysecurity · poc
https://github.com/verifysecurity/CVE-2019-7219

This repository contains a proof-of-concept for CVE-2019-7219, a reflected XSS vulnerability in Zarafa Webapp. The exploit demonstrates the injection of a simple JavaScript alert via a crafted URL parameter.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Zarafa Webapp versions 1.6-46049 to 2.0.1.47791
No auth needed
Prerequisites: Access to the vulnerable Zarafa Webapp instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting
MEDIUMby pdteam

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://stash.kopano.io/repos?visibility=public
Third Party Advisory x_refsource_misc
https://github.com/verifysecurity/CVE-2019-7219

Scores

CVSS v3 6.1
EPSS 0.0517
EPSS Percentile 91.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
zarafa/webaccess 7.2.0-48204
Published Apr 11, 2019
Tracked Since Feb 18, 2026