An issue was discovered in the Calendar feature in Zimbra...
Moderate severity
Unreviewed
Published
Feb 10, 2022
to the GitHub Advisory Database
•
Updated Aug 17, 2023
Description
Published by the National Vulnerability Database
Feb 9, 2022
Published to the GitHub Advisory Database
Feb 10, 2022
Last updated
Aug 17, 2023
An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.
References