Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2022-41352 template #9608

Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 40 additions & 0 deletions http/cves/2022/CVE-2022-41352.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
id: CVE-2022-41352

info:
name: Zimbra Improper Encoding or Escaping of Output
author: rxerium
severity: critical
description: An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.
metadata:
max-request: 1
tags: zimbra,kev

http:
- method: GET
path:
- "{{BaseURL}}/js/zimbraMail/share/model/ZmSettings.js"

matchers-condition: and
matchers:
- type: word
part: body
words:
- "Zimbra Collaboration Suite Web Client"

- type: word
part: header
words:
- "application/x-javascript"

- type: word
words:
- "8.8.15"
- "9.0"
part: version

extractors:
- type: regex
part: body
group: 1
regex:
- 'CLIENT_VERSION\", {type:ZmSetting.T_CONFIG, defaultValue:\"(.*?)"'
Loading