CVE-2017-20188 | Zimbra zm-ajax up to 8.8.1 XFormItem.js XFormItem.prototype.setError message cross site scripting

CVE-2017-20188 | Zimbra zm-ajax up to 8.8.1 XFormItem.js XFormItem.prototype.setError message cross site scripting

A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and classified as problematic. Affected by this vulnerability is the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js. The manipulation of the argument message leads to cross site scripting. This vulnerability is known as CVE-2017-20188. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.