Unrated severityCISA KEVNVD Advisory· Published Mar 27, 2018· Updated Oct 21, 2025

CVE-2018-6882

Description

Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2018/Mar/52mitremailing-listx_refsource_FULLDISC
www.securityfocus.com/archive/1/541891/100/0/threadedmitremailing-listx_refsource_BUGTRAQ
bugzilla.zimbra.com/show_bug.cgimitrex_refsource_CONFIRM
wiki.zimbra.com/wiki/Zimbra_Releases/8.8.7mitrex_refsource_CONFIRM
wiki.zimbra.com/wiki/Zimbra_Security_Advisoriesmitrex_refsource_CONFIRM
www.securify.nl/advisory/SFY20180101/cross-site-scripting-vulnerability-in-zimbra-collaboration-suite-due-to-the-way-it-handles-attachment-links.htmlmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.064
exploit	0.000
kev	0.120
patch	0.000
ransomware	0.060