CVE-2022-27926

CVE Published: 2022-04-21
Related Vendor(s): zimbra
Related Product(s): collaboration
Exploitation Reported (CISA KEV): 2023-04-03
CVSS 3 Base Score: 6.1 (MEDIUM)
CVSS 3 Attack Complexity: LOW
CVSS 3 Attack Vector: NETWORK

A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.

Threat Reports Related to CVE-2022-27926

Report

Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign

The Insikt Group has observed TAG-70 using cross-site scripting (XSS) vulnerabilities to target Roundcube webmail servers in Europe. The ...

Report

Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe

Proofpoint researchers describe espionage activity targeting US elected officials and staffers which they attribute to TA473 (also known as Winter ...

References