CVE-2019-7219
Published 2019-04-11
Priority: P3 · 40 · medium · 6.1 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 5.17% (91.4th percentile)
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zarafa | webaccess | — | — |
CVSS provenance
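| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |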
No detection rules found.
Nuclei
Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting
nuclei·CVSS 6.1
Zarafa WebApp "
```yaml
- type: word
  part: header
  words:
    - "text/html"
- type: status
  status:
    - 200
# digest: 4a0a0047304502202f72efa333fbcf13dc19dff209baf0afca5b1b6b86f2377e28db9c31accd9afe0221009cad2a983e5048dc3eca8f8b8f77d609fd426b264d58c8273235d0afb3376330:922c64590222798bb761d5b6d8e72950
```
Bugzilla
CVE-2019-7219 zarafa: Unauthenticated cross-site scripting exists in Zarafa WebAccess 7.2.0-48204 [epel-7]
bugzilla·2019-04-12·CVSS 6.1
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-7.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the follow
Bugzilla
CVE-2019-7219 zarafa: Unauthenticated cross-site scripting exists in Zarafa WebAccess 7.2.0-48204
bugzilla·2019-04-12·CVSS 6.1
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa WebAccess 7.2.0-48204. NOTE: this is a discontinued product. The issue was fixed in later Zarafa WebAccess versions; however, some former Zarafa WebAccess customers use the related Kopano product instead.
Discussion:
Created zarafa tracking bugs for this issue:
Affects: epel-6 [bug 1699312]
Affects: epel-7 [bug 1699313]
---
Marian, I guess you don't have any more details rather than in publicly available sources, right? I opened https://github.com/verifysecurity/CVE-2019-7219/issues/1 to request some more details, given the current description is quirky (and it is currently unclear to me if it even affects the Zarafa W
Bugzilla
CVE-2019-7219 zarafa: Unauthenticated cross-site scripting exists in Zarafa WebAccess 7.2.0-48204 [epel-6]
bugzilla·2019-04-12·CVSS 6.1
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-6.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the follow