OR
     *cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:* versions up to (including) 8.7
     *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.0:*:*:*:*:*:*:*
     *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.1:*:*:*:*:*:*:*
     *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.2:*:*:*:*:*:*:*
     *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.3:*:*:*:*:*:*:*
     *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.4:*:*:*:*:*:*:*
     *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.5:*:*:*:*:*:*:*
     *cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.6:*:*:*:*:*:*:*

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Victim must voluntarily interact with attack mechanism

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79

http://seclists.org/fulldisclosure/2018/Mar/52 No Types Assigned

http://seclists.org/fulldisclosure/2018/Mar/52 Mailing List, Third Party Advisory

http://www.securityfocus.com/archive/1/archive/1/541891/100/0/threaded No Types Assigned

http://www.securityfocus.com/archive/1/archive/1/541891/100/0/threaded Third Party Advisory, VDB Entry

https://bugzilla.zimbra.com/show_bug.cgi?id=108786 No Types Assigned

https://bugzilla.zimbra.com/show_bug.cgi?id=108786 Issue Tracking

https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.7 No Types Assigned

https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.7 Permissions Required

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories No Types Assigned

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories Vendor Advisory

https://www.securify.nl/advisory/SFY20180101/cross-site-scripting-vulnerability-in-zimbra-collaboration-suite-due-to-the-way-it-handles-attachment-links.html No Types Assigned

https://www.securify.nl/advisory/SFY20180101/cross-site-scripting-vulnerability-in-zimbra-collaboration-suite-due-to-the-way-it-handles-attachment-links.html Exploit, Third Party Advisory