top of page
Sentence 16
An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.
Actual
Tags:
-
Exploit mechanism: Calendar Invite component, HTML
-
Exploit objective: arbitrary markup to be injected into the document
-
Attack pathway: HTML containing executable JavaScript
Predicted
Tags:
-
Exploit mechanism: place HTML containing executable JavaScript inside element attributes
-
Exploit objective: arbitrary markup to be injected into the document
-
Attack pathway: attacker
bottom of page