CVE Database · CVE-2022-27926
CVSS v3.1: 6.1
EPSS: 17.25%
Published: Apr 20, 2022
Modified: Oct 31, 2025
CISA Known Exploited Vulnerability
Added: 2023-04-03 · Due: 2023-04-24
Apply updates per vendor instructions.
Public PoC / Exploit (2)
Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Weaknesses (CWE)
Affected Products (24)
References (7)