{"id":"CVE-2020-18984","details":"A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection.","modified":"2026-04-10T04:18:45.086347Z","published":"2021-12-15T23:15:08.693Z","references":[{"type":"REPORT","url":"https://github.com/buxu/bug/issues/2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/zimbra/zm-build","events":[{"introduced":"0"},{"last_affected":"a3f5dae50fd9c34d9802c5fb2783dd130a600eff"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.8.12-NA"}]}}],"versions":["8.7.10","8.7.11","8.7.6","8.7.7","8.7.9","8.8.0.beta1","8.8.10","8.8.12","8.8.2","8.8.3","8.8.4","8.8.6","8.8.7","8.8.8","8.8.9","8.8.9.p1","8.8.9.p3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-18984.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}