Medium severity6.1CISA KEVOSV Advisory· Published Mar 27, 2018· Updated Jun 17, 2026
CVE-2018-6882
CVE-2018-6882
Description
Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: < 8.7 Patch 1, < 8.8.7
Patches
Vulnerability mechanics
References
7- www.securify.nl/advisory/SFY20180101/cross-site-scripting-vulnerability-in-zimbra-collaboration-suite-due-to-the-way-it-handles-attachment-links.htmlnvdExploitThird Party Advisory
- seclists.org/fulldisclosure/2018/Mar/52nvdMailing ListThird Party Advisory
- www.securityfocus.com/archive/1/541891/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
- wiki.zimbra.com/wiki/Zimbra_Security_AdvisoriesnvdVendor Advisory
- bugzilla.zimbra.com/show_bug.cginvdBroken LinkIssue TrackingPermissions Required
- wiki.zimbra.com/wiki/Zimbra_Releases/8.8.7nvdPermissions Required
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
0No linked articles in our index yet.