CVE-2019-7219
CVE-2019-7219
Vexday Risk Score
18Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 5.2%KEV nãoPoC —Nuclei simMetasploit —Patch —
Lifecycle
11 Apr 2019Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
Affected products
n/a · n/a