{"id":"CVE-2018-18631","details":"The mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has a persistent (stored) cross-site scripting (XSS) vulnerability.","modified":"2026-03-12T22:48:26.915190Z","published":"2019-05-29T22:29:01.240Z","references":[{"type":"ADVISORY","url":"https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"},{"type":"REPORT","url":"https://bugzilla.zimbra.com/show_bug.cgi?id=109020"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/zimbra/zm-build","events":[{"introduced":"0"},{"last_affected":"6c3c77b328a0d7d3bafecb79d202960217922ef0"},{"introduced":"0"},{"last_affected":"99ed312c10c45aa80e08be0c0ecbce46a53a4ace"},{"introduced":"0"},{"last_affected":"d077c8d575b8d2ea5ef93331958237b22e42e6f7"},{"introduced":"0"},{"last_affected":"2705a9ca4782dcc4bea5f7d3653c2bf93f8582bb"},{"introduced":"0"},{"last_affected":"0867fcb7263fa9a1130b192d8c8538b05db4eee6"},{"introduced":"0"},{"last_affected":"4a8e4bee73cd2c8e5804788ef5212d0d180f5846"},{"introduced":"0"},{"last_affected":"7b0d4aa4baaf4d62a4858b390856771d30db3c37"},{"introduced":"0"},{"last_affected":"5000d7ff7c8650dbfff91678647fabc2bbf0e64b"},{"introduced":"0"},{"last_affected":"5000d7ff7c8650dbfff91678647fabc2bbf0e64b"},{"introduced":"0"},{"last_affected":"5000d7ff7c8650dbfff91678647fabc2bbf0e64b"},{"introduced":"0"},{"last_affected":"14a4dfad173dbbe623229e1a850b7610c76bc280"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.7.11-NA"},{"introduced":"0"},{"last_affected":"8.7.11-p1"},{"introduced":"0"},{"last_affected":"8.7.11-p2"},{"introduced":"0"},{"last_affected":"8.7.11-p3"},{"introduced":"0"},{"last_affected":"8.7.11-p4"},{"introduced":"0"},{"last_affected":"8.7.11-p5"},{"introduced":"0"},{"last_affected":"8.7.11-p6"},{"introduced":"0"},{"last_affected":"8.8.9-NA"},{"introduced":"0"},{"last_affected":"8.8.9-p1"},{"introduced":"0"},{"last_affected":"8.8.9-p3"},{"introduced":"0"},{"last_affected":"8.8.10-NA"}]}},{"type":"GIT","repo":"http
s://github.com/zimbra/zm-mailbox","events":[{"introduced":"0"},{"last_affected":"d3c6ef3616ff8d06555806b60d3a4aa5a3ab6d92"},{"introduced":"0"},{"last_affected":"66b2b24c8346512d4411c40189ec3556029272a7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.8.9-p2"},{"introduced":"0"},{"last_affected":"8.8.9-p4"}]}}],"versions":["8.7.10","8.7.11","8.7.6","8.7.7","8.7.9","8.8.0.beta1","8.8.2","8.8.3","8.8.4","8.8.5","8.8.6","8.8.7","8.8.8","8.8.9","8.8.9.p1","8.8.9.p2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"8.7.0"},{"fixed":"8.7.11"}]},{"events":[{"introduced":"8.8.0"},{"fixed":"8.8.9"}]},{"events":[{"introduced":"0"},{"last_affected":"8.6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.8.9-p6"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-18631.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}