{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginErrorCode parameter of the login url."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-07-02T18:55:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}, {"tags": ["x_refsource_MISC"], "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"tags": ["x_refsource_MISC"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16"}, {"tags": ["x_refsource_MISC"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-35207", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginErrorCode parameter of the login url."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "refsource": "MISC", "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}, {"name": "https://wiki.zimbra.com/wiki/Security_Center", "refsource": "MISC", "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16", "refsource": "MISC", "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16"}, {"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23", "refsource": "MISC", "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T00:33:51.243Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-35207", "datePublished": "2021-07-02T18:55:00", "dateReserved": "2021-06-22T00:00:00", "dateUpdated": "2024-08-04T00:33:51.243Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BDCCB43-EBE0-4E5D-B2E1-E346A3694AB9", "versionEndExcluding": "8.8.15", "versionStartIncluding": "8.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*", "matchCriteriaId": "1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p1:*:*:*:*:*:*", "matchCriteriaId": "BA48C450-201C-4398-AB65-EF6F95FB0380", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p10:*:*:*:*:*:*", "matchCriteriaId": "5F759114-CF2D-48BF-8D09-EBE8D1ED1949", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*", "matchCriteriaId": "AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p12:*:*:*:*:*:*", "matchCriteriaId": "C43634F5-2946-44D2-8A50-B717374A8126", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p13:*:*:*:*:*:*", "matchCriteriaId": "20315895-5410-4B88-B2D9-E9C5D79A64DF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p14:*:*:*:*:*:*", "matchCriteriaId": "BF405091-A832-4945-87EC-AA525F37DF91", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p15:*:*:*:*:*:*", "matchCriteriaId": "C9B6FFA8-CFD2-47C6-9475-79210CB9AA84", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p16:*:*:*:*:*:*", "matchCriteriaId": "964CA714-937C-4FC0-A1E9-07F846C786BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p17:*:*:*:*:*:*", "matchCriteriaId": "DAF8F155-1406-46ED-A81F-BCC4CE525F43", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p18:*:*:*:*:*:*", "matchCriteriaId": "56A8F56B-3457-4C19-B213-3B04FEE8D7A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p19:*:*:*:*:*:*", "matchCriteriaId": "B4F8D255-3F91-45FF-9133-4023BA688F9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p2:*:*:*:*:*:*", "matchCriteriaId": "37BC4DF5-D111-4295-94FC-AA8929CDF2A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p20:*:*:*:*:*:*", "matchCriteriaId": "A9D50108-0404-4791-8057-DB1786D311C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p21:*:*:*:*:*:*", "matchCriteriaId": "F2A7E53F-8EAC-4DA9-8EAE-117759EFABEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p22:*:*:*:*:*:*", "matchCriteriaId": "858727DB-AE6F-435D-B8FD-6C94C3400E40", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*", "matchCriteriaId": "21768A61-7578-4EEC-A23B-FEC10CAA9EDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p4:*:*:*:*:*:*", "matchCriteriaId": "661403E7-1D65-4710-8413-47D74FF65BE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*", "matchCriteriaId": "0695D2E0-45B3-493C-BA6D-471B90C0ACC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p6:*:*:*:*:*:*", "matchCriteriaId": "714FAFE6-68AE-4304-B040-48BC46F85A2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p7:*:*:*:*:*:*", "matchCriteriaId": "73FC2D2D-8BBD-4259-8B35-0D9BFA40567B", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p8:*:*:*:*:*:*", "matchCriteriaId": "AB97E9E6-CC4A-458D-B731-6D51130B942C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p9:*:*:*:*:*:*", "matchCriteriaId": "BA688C43-846A-4C4A-AEDB-113D967D3D73", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "685D9652-2934-4C13-8B36-40582C79BFC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*", "matchCriteriaId": "BDE59185-B917-4A81-8DE4-C65A079F52FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*", "matchCriteriaId": "BA3ED95F-95F2-4676-8EAF-B4B9EB64B260", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*", "matchCriteriaId": "4BB93336-CC3C-4B7F-B194-7DED036ABBAF", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*", "matchCriteriaId": "876F1675-F65C-4E86-ADBD-36EB8D8A997D", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*", "matchCriteriaId": "2306F526-9C56-4A57-AA9B-02F2D6058C97", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*", "matchCriteriaId": "F9EA2A61-67AA-4B7E-BC6E-80EB1363EF85", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*", "matchCriteriaId": "C77A35B7-96F6-43A7-A747-C6AEEDE961E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:*", "matchCriteriaId": "12D0D469-6C9B-4B66-9581-DC319773238A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:*", "matchCriteriaId": "C52705E6-2C6B-47BC-A0CD-F6AAE0BFC302", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*", "matchCriteriaId": "33F50D8C-7027-4A8D-8E95-98C224283772", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:*", "matchCriteriaId": "82000BA4-1781-4312-A7BD-92EC94D137AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:*", "matchCriteriaId": "4B52D301-2559-457A-8FFB-F0915299355A", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*", "matchCriteriaId": "7215AE2C-8A33-4AB9-88D5-7C8CD11E806C", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:*", "matchCriteriaId": "CDC810C7-45DA-4BDF-9138-2D3B2750243E", "vulnerable": true}, {"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*", "matchCriteriaId": "E09D95A4-764D-4E0B-8605-1D94FD548AB2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginErrorCode parameter of the login url."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de redireccionamiento abierto en el servlet /preauth de Zimbra Collaboration Suite versiones hasta 9.0. Para explotar la vulnerabilidad, un atacante necesitar\u00eda haber obtenido un token de autenticaci\u00f3n v\u00e1lido de Zimbra o un token de preautenticaci\u00f3n v\u00e1lido. Una vez obtenido el token, un atacante podr\u00eda redirigir a un usuario a cualquier URL por medio de isredirect=1&redirectURL= en conjunto con los datos del token (por ejemplo, un valor authtoken= v\u00e1lido)"}], "id": "CVE-2021-35207", "lastModified": "2021-07-09T15:36:18.587", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-02T19:15:08.377", "references": [{"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}