QwikSec

Security Database

CVE

CWE

Training

CVE-2018-6882

Published: Mar 27, 2018

Modified: Oct 21, 2025

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20180324 Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links

mailing-list

x_refsource_FULLDISC

https://www.securify.nl/advisory/SFY20180101/cross-site-scripting-vulnerability-in-zimbra-collaboration-suite-due-to-the-way-it-handles-attachment-links.html

x_refsource_MISC

https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.7

x_refsource_CONFIRM

https://bugzilla.zimbra.com/show_bug.cgi?id=108786

x_refsource_CONFIRM

20180324 Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links

mailing-list

x_refsource_BUGTRAQ

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.