CVE-2022-27926

6.1

CVSS
Medium

PUBLISHED

A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows...

Exploited in the wild Remote Low complexity

Vendor: Zimbra
Product: Collaboration
Published: Apr 20, 2022
EPSS: —

Description

A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.

windows cisa nuclei_scanner

CVSS scores

CVSS v3.1 6.1 Medium

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2.0 4.3

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitation status

Exploited in the wild

Recorded 2023-04-03 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: No
Technical impact: partial

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Apr 03, 2023

Scanner integrations

Scanner	Reference	Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-27926.yaml	Apr 25, 2025

Vulnerability detail