CVE-2018-6882

CVE Database · CVE-2018-6882

CVE-2018-6882

· MEDIUMAnalyzed

CVSS v3.1

6.1

EPSS

23.72%

Published

Mar 27, 2018

Modified

Nov 4, 2025

CISA Known Exploited Vulnerability

Added: 2022-04-19 · Due: 2022-05-10

Apply updates per vendor instructions.

Public PoC / Exploit (2)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-79CWE-79

Affected Products (9)

synacor · zimbra_collaboration_suite (up to 8.7.0)vulnerable

synacor · zimbra_collaboration_suitevulnerable