CVE-2023-43103

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Dec 7, 2023

Updated: Dec 12, 2023

CWE ID 79

Summary

CVE-2023-43103 is a new Cross-Site Scripting (XSS) vulnerability that affects Zimbra Collaboration (ZCS) versions prior to 10.0.4. The issue arises due to an unsanitized parameter in a web endpoint, allowing malicious scripts to be injected into a victim's browser, potentially leading to unauthorized access to sensitive data or sessions. This vulnerability has been addressed in ZCS 8.8.15 Patch 43 and 9.0.0 Patch 36. Users are strongly encouraged to apply these patches to protect their systems against such attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Zimbra Collaboration Suite

Affected Vendors

Zimbra

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/st7OQK
https://www.cve.org/CVERecord?id=CVE-2023-43103
https://nvd.nist.gov/vuln/detail/CVE-2023-43103

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners