{"id":"CVE-2018-10939","details":"Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group.","modified":"2026-04-10T04:04:11.560563Z","published":"2018-05-30T21:29:00.363Z","references":[{"type":"FIX","url":"https://blog.zimbra.com/2018/05/new-zimbra-patches-8-8-8-patch-4-and-8-7-11-patch-4/"},{"type":"FIX","url":"https://wiki.zimbra.com/wiki/Security_Center"},{"type":"FIX","url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.11/P4"},{"type":"FIX","url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.8/P4"},{"type":"FIX","url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/zimbra/zm-build","events":[{"introduced":"0"},{"last_affected":"6c3c77b328a0d7d3bafecb79d202960217922ef0"},{"introduced":"0"},{"last_affected":"a12f6b5f02776dff1d0554a7998ae6c6ee0dd820"},{"introduced":"0"},{"last_affected":"99ed312c10c45aa80e08be0c0ecbce46a53a4ace"},{"introduced":"0"},{"last_affected":"d077c8d575b8d2ea5ef93331958237b22e42e6f7"},{"introduced":"0"},{"last_affected":"2705a9ca4782dcc4bea5f7d3653c2bf93f8582bb"},{"introduced":"0"},{"last_affected":"5401294d39c5d8512e7d24bd2d10ebac76e2b04c"},{"introduced":"0"},{"last_affected":"5401294d39c5d8512e7d24bd2d10ebac76e2b04c"}],"database_specific":{"versions":[{"introduced":"8.7.0"},{"last_affected":"8.7.11"},{"introduced":"8.8.0"},{"last_affected":"8.8.8"},{"introduced":"0"},{"last_affected":"8.7.11-p1"},{"introduced":"0"},{"last_affected":"8.7.11-p2"},{"introduced":"0"},{"last_affected":"8.7.11-p3"},{"introduced":"0"},{"last_affected":"8.8.8-p1"},{"introduced":"0"},{"last_affected":"8.8.8-p3"}]}}],"versions":["8.7.10","8.7.11","8.7.11.p1","8.7.11.p2","8.7.11.p3","8.7.6","8.7.7","8.7.9","8.8.0.beta1","8.8.2","8.8.3","8.8.4","8.8.6","8.8.7","8.8.8","8.8.8.p1","8.8.8.p3","8.8.8.p4","8.8.8.p7"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.8.8-p2"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10939.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}