Bug 109018 - Non-Persistent XSS - Web Client [CWE-79]
Summary: Non-Persistent XSS - Web Client [CWE-79]
Status: RESOLVED FIXED
Alias: None
Product: ZCS
Classification: Unclassified
Component: Mail - Web Client (show other bugs)
Version: 8.5.0_ZCS_JudasPriest
Hardware: All Browsers All
: P2 critical
Target Milestone: ---
Assignee: Bug Owner
QA Contact: Girish Bhamare
URL: https://nvd.nist.gov/vuln-metrics/cvs...
Keywords: Security
Depends on:
Blocks:
 
Reported: 2018-07-22 01:54 EDT by Phil Pearl
Modified: 2018-10-18 02:37 EDT (History)
4 users (show)

See Also:
Feature Notes:
Eng Days:
QA Days:
Root Cause: ---
Fix Type: ---
QA Analysis: ---
CVE Number: CVE-2018-14013
CVSS Score: 2.6
CVE Reporter: Issam Rabhi <i.rabhi@sysdream.com>
ZCO Subcategory:
Queue Position:
Test Stories:
User Stories:
UX:
Developer:
PM:
QA:
Docs:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Phil Pearl 2018-07-22 01:54:57 EDT
A Non-persistent (aka Reflected) XSS vulnerability exists in the AJAX web client.  Details to follow.