{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-20T23:23:40.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}, {"tags": ["x_refsource_MISC"], "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"tags": ["x_refsource_MISC"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-27926", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "refsource": "MISC", "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}, {"name": "https://wiki.zimbra.com/wiki/Security_Center", "refsource": "MISC", "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24", "refsource": "MISC", "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:41:10.798Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24"}]}, {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-27926", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-29T16:15:58.336126Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-04-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-27926"}}}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-27926", "tags": ["government-resource"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "timeline": [{"time": "2023-04-03T00:00:00+00:00", "lang": "en", "value": "CVE-2022-27926 added to CISA KEV"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-21T23:15:40.915Z"}}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-27926", "datePublished": "2022-04-20T23:23:40.000Z", "dateReserved": "2022-03-25T00:00:00.000Z", "dateUpdated": "2025-10-21T23:15:40.915Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-04-20T23:23:40.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}, {"tags": ["x_refsource_MISC"], "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"tags": ["x_refsource_MISC"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-27926", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "refsource": "MISC", "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}, {"name": "https://wiki.zimbra.com/wiki/Security_Center", "refsource": "MISC", "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24", "refsource": "MISC", "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T05:41:10.798Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24"}]}, {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-27926", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-29T16:15:58.336126Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2023-04-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-27926"}}}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-27926", "tags": ["government-resource"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-29T16:16:01.288Z"}, "timeline": [{"time": "2023-04-03T00:00:00+00:00", "lang": "en", "value": "CVE-2022-27926 added to CISA KEV"}], "title": "CISA ADP Vulnrichment"}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-27926", "datePublished": "2022-04-20T23:23:40.000Z", "dateReserved": "2022-03-25T00:00:00.000Z", "dateUpdated": "2025-10-21T19:46:06.030Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"cisaActionDue": "2023-04-24", "cisaExploitAdd": "2023-04-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:-:*:*:*:*:*:*", "matchCriteriaId": "32AFCE22-5ADA-4FF7-A165-5EC12B325DEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p1:*:*:*:*:*:*", "matchCriteriaId": "D3577FE6-F1F4-4555-8D27-84D6DE731EA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p10:*:*:*:*:*:*", "matchCriteriaId": "931BD98E-1A5F-4634-945B-BDD7D2FAA8B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p11:*:*:*:*:*:*", "matchCriteriaId": "2E7C0A57-A887-4D29-B601-4275313F46B3", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p12:*:*:*:*:*:*", "matchCriteriaId": "B7248B91-D136-4DD5-A631-737E4C220A02", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p13:*:*:*:*:*:*", "matchCriteriaId": "494F6FD4-36ED-4E40-8336-7F077FA80FA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p14:*:*:*:*:*:*", "matchCriteriaId": "9DF8C0CE-A71D-4BB1-83FB-1EA5ED77E0C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p15:*:*:*:*:*:*", "matchCriteriaId": "E0648498-2EE5-4B68-8360-ED5914285356", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p16:*:*:*:*:*:*", "matchCriteriaId": "24282FF8-548B-415B-95CA-1EFD404D21D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p17:*:*:*:*:*:*", "matchCriteriaId": "ACFDF2D9-ED72-4969-AA3B-E8D48CB1922D", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p18:*:*:*:*:*:*", "matchCriteriaId": "2B7D0A8B-7A72-4C1A-85F2-BE336CA47E0B", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p19:*:*:*:*:*:*", "matchCriteriaId": "019AFC34-289E-4A01-B08B-A5807F7F909A", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p2:*:*:*:*:*:*", "matchCriteriaId": "7E7B3976-DA6F-4285-93E6-2328006F7F4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p20:*:*:*:*:*:*", "matchCriteriaId": "062E586F-0E02-45A6-93AD-895048FC2D4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p21:*:*:*:*:*:*", "matchCriteriaId": "3EE37BEE-4BDB-4E62-8DE3-98CF74DFBE01", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p22:*:*:*:*:*:*", "matchCriteriaId": "ADF51BCA-37DD-4642-B201-74A6D1A545FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p23:*:*:*:*:*:*", "matchCriteriaId": "39611F3D-A898-4C35-8915-3334CDFB78E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p3:*:*:*:*:*:*", "matchCriteriaId": "FA310AFA-492D-4A6C-A7F6-740E82CB6E57", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p4:*:*:*:*:*:*", "matchCriteriaId": "2AF337B5-B296-449B-8848-7636EC7C46C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p5:*:*:*:*:*:*", "matchCriteriaId": "52232ACA-C158-48C8-A0DB-7689040CB8FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p6:*:*:*:*:*:*", "matchCriteriaId": "3B4D0040-86D0-46C3-8A9A-3DD12138B9ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p7:*:*:*:*:*:*", "matchCriteriaId": "D2BB9BC7-078D-4E08-88E4-9432D74CA9BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p8:*:*:*:*:*:*", "matchCriteriaId": "F04D4B77-D386-4BC8-8169-9846693F6F11", "vulnerable": true}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:9.0.0:p9:*:*:*:*:*:*", "matchCriteriaId": "992370FA-F171-4FB3-9C1C-58AC37038CE4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters."}, {"lang": "es", "value": "Una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en el componente /public/launchNewWindow.jsp de Zimbra Collaboration (tambi\u00e9n se conoce como ZCS) versi\u00f3n 9.0, permite a atacantes no autenticados ejecutar un script web o HTML arbitrario por medio de par\u00e1metros de petici\u00f3n"}], "id": "CVE-2022-27926", "lastModified": "2025-10-31T18:42:15.267", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-04-21T00:15:08.450", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-27926"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}