Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2017-8802 PoC — Zimbra Collaboration Suite 跨站脚本漏洞

Source
https://github.com/ozzi-/Zimbra-CVE-2017-8802-Hotifx
Associated Vulnerability
Title:Zimbra Collaboration Suite 跨站脚本漏洞 (CVE-2017-8802)
Description:Zimbra Collaboration Suite(ZCS)是美国Zimbra公司的一款开源协同办公套件,它包括WebMail、日历、通信录等。 ZCS 8.8.0 Beta2之前的版本中存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。
Description
Security hotfix for CVE-2017-8802
Readme
# CVE-2017-8802
This Zimlet fixes CVE-2017-8802 by disabling the "Show Fragment" / Snippet functionality.
For further information see: https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

## How to deploy Zimlets
https://www.zimbra.com/docs/os/6.0.10/administration_guide/Zimlets.11.4.html
File Snapshot

 [4.0K]  /data/pocs/9e0ce78a2eed18ca0cb2bf1f18fb6c100c1e6153
├── [ 352]  com_zgheb_shf.js
├── [ 397]  com_zgheb_shf.xml
├── [ 803]  com_zgheb_shf.zip
├── [ 34K]  LICENSE
└── [ 294]  README.md

0 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.