.. / CVE-2018-14013

Exploit for Synacor Zimbra Collaboration Suite Collaboration <8.8.11 - Cross-Site Scripting (CVE-2018-14013)

Description:

Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 is vulnerable to cross-site scripting via the AJAX and html web clients.

Nuclei Template

View the template here CVE-2018-14013.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2018/CVE-2018-14013.yaml
Copy

References:

https://bugzilla.zimbra.com/show_bug.cgi?id=109017
https://github.com/ARPSyndicate/kenzer-templates
https://nvd.nist.gov/vuln/detail/CVE-2018-14013
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
https://bugzilla.zimbra.com/show_bug.cgi?id=109018