{"id":"CVE-2022-27926","details":"A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.","modified":"2026-04-10T04:46:47.044784Z","published":"2022-04-21T00:15:08.450Z","references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-27926"},{"type":"ADVISORY","url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"},{"type":"ADVISORY","url":"https://wiki.zimbra.com/wiki/Security_Center"},{"type":"ADVISORY","url":"https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/zimbra/zm-build","events":[{"introduced":"0"},{"last_affected":"b6cd8f69d2761c014d4a3807f0bdee0011386444"},{"introduced":"0"},{"last_affected":"5561a39cba0898c3bb5e188284d98f498d7a3c9a"},{"introduced":"0"},{"last_affected":"5561a39cba0898c3bb5e188284d98f498d7a3c9a"},{"introduced":"0"},{"last_affected":"d3209df466110d214b2ab6593f931a59c2127db8"},{"introduced":"0"},{"last_affected":"c8a93da38fd1572d864c1becbcc772ba91ee4403"},{"introduced":"0"},{"last_affected":"03d99a16095b73a73770fbb6131d10234cfc13fd"},{"introduced":"0"},{"last_affected":"bcb978ccc354d99d843725886083e321759b6765"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"9.0.0-NA"},{"introduced":"0"},{"last_affected":"9.0.0-p1"},{"introduced":"0"},{"last_affected":"9.0.0-p19"},{"introduced":"0"},{"last_affected":"9.0.0-p20"},{"introduced":"0"},{"last_affected":"9.0.0-p23"},{"introduced":"0"},{"last_affected":"9.0.0-p4"},{"introduced":"0"},{"last_affected":"9.0.0-p7"}]}},{"type":"GIT","repo":"https://github.com/zimbra/zm-mailbox","events":[{"introduced":"0"},{"last_affected":"943f2188be659dbccc17e6082dc0c542f9debea4"},{"introduced":"0"},{"last_affected":"82e2bdc9c525585c3d3c2bb383ed80b1feaf878e"},{"introduced":"0"},{"last_affected":"e641be6dd504882bd357015c8012195d5bb49da2"},{"introduced":"0"},{"last_affected":"e641be6dd504882bd357015c8012195d5bb49da2"},{"introduced":"0"},{"last_affected":"52c811a0259419b4e3d177f80c0ba7562d375cfa"},{"introduced":"0"},{"last_affected":"459d2044a9a205efee2b8998be41762876174dde"},{"introduced":"0"},{"last_affected":"497eef64675f6ae63972c50c24e26048640748f6"},{"introduced":"0"},{"last_affected":"dbe58ce9fb59913993aa2d7a5f2c28a292ee4a86"},{"introduced":"0"},{"last_affected":"63c14463c4393c0fcdec4a470e448d1d7dab76d1"},{"introduced":"0"},{"last_affected":"4576339cd43ab64c19dc87591825ab51cb79f07a"},{"introduced":"0"},{"last_affected":"a6fdb2b0bbe8c189fd212d798f71f183fd3318ba"},{"introduced":"0"},{"last_affected":"f323d75b09d42a6313b47d9a74aae96ec66aa1f8"},{"introduced":"0"},{"last_affected":"7d74bc7bfd7f78c7261d0e52baf42716630fc3f0"},{"introduced":"0"},{"last_affected":"10b7ff251aee6f4770ad75377a1f81491ad5bdb9"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"9.0.0-p10"},{"introduced":"0"},{"last_affected":"9.0.0-p11"},{"introduced":"0"},{"last_affected":"9.0.0-p13"},{"introduced":"0"},{"last_affected":"9.0.0-p14"},{"introduced":"0"},{"last_affected":"9.0.0-p16"},{"introduced":"0"},{"last_affected":"9.0.0-p17"},{"introduced":"0"},{"last_affected":"9.0.0-p18"},{"introduced":"0"},{"last_affected":"9.0.0-p2"},{"introduced":"0"},{"last_affected":"9.0.0-p22"},{"introduced":"0"},{"last_affected":"9.0.0-p3"},{"introduced":"0"},{"last_affected":"9.0.0-p5"},{"introduced":"0"},{"last_affected":"9.0.0-p6"},{"introduced":"0"},{"last_affected":"9.0.0-p8"},{"introduced":"0"},{"last_affected":"9.0.0-p9"}]}}],"versions":["8.7.10","8.7.11","8.7.6","8.7.7","8.7.9","8.8.0.beta1","8.8.10","8.8.12","8.8.2","8.8.3","8.8.4","8.8.5","8.8.6","8.8.7","8.8.8","8.8.9","8.8.9.p1","8.8.9.p3","9.0.0","9.0.0.U20","9.0.0.p1","9.0.0.p10","9.0.0.p11","9.0.0.p13","9.0.0.p14","9.0.0.p16","9.0.0.p17","9.0.0.p18","9.0.0.p19","9.0.0.p2","9.0.0.p20","9.0.0.p22","9.0.0.p23","9.0.0.p3","9.0.0.p4","9.0.0.p5","9.0.0.p6","9.0.0.p7","9.0.0.p7.1","9.0.0.p8","9.0.0.p9"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0.0-p12"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0.0-p15"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0.0-p21"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-27926.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}