Home
Mapping Frameworks
Known Exploited Vulnerabilities Home
Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability

Known Exploited Vulnerabilities CVE-2023-34192

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability that allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.

Mappings

Capability ID	Capability Description	Mapping Type	ATT&CK ID	ATT&CK Name	Notes
CVE-2023-34192	Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability	exploitation_technique	T1055	Process Injection	Comments The /h/autoSaveDraft function in Zimbra Collaboration Suite can be targeted by an authenticated attacker's malicious scripts, facilitating arbitrary code execution, as well as session cookie theft. References https://www.helpnetsecurity.com/2023/07/17/cve-2023-34192/
CVE-2023-34192	Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability	primary_impact	T1059	Command and Scripting Interpreter	Comments The /h/autoSaveDraft function in Zimbra Collaboration Suite can be targeted by an authenticated attacker's malicious scripts, facilitating arbitrary code execution, as well as session cookie theft. References https://www.helpnetsecurity.com/2023/07/17/cve-2023-34192/
CVE-2023-34192	Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability	secondary_impact	T1185	Browser Session Hijacking	Comments The /h/autoSaveDraft function in Zimbra Collaboration Suite can be targeted by an authenticated attacker's malicious scripts, facilitating arbitrary code execution, as well as session cookie theft. References https://www.helpnetsecurity.com/2023/07/17/cve-2023-34192/