Vulnerabilities > Synacor

DATE CVE VULNERABILITY TITLE RISK
2020-07-02 CVE-2020-13653 Cross-Site Scripting vulnerability in Synacor Zimbra Collaboration Suite
An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11.
network
synacor CWE-79
4.3
2020-06-03 CVE-2020-12846 Unrestricted Upload of File With Dangerous Type vulnerability in Synacor Zimbra Collaboration Suite
Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file.
network
synacor CWE-434
6.0
2020-02-18 CVE-2020-8633 Improper Preservation of Permissions vulnerability in Synacor Zimbra Collaboration Suite
An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7.
network
low complexity
synacor CWE-281
5.0
2020-02-18 CVE-2020-7796 Server-Side Request Forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
network
synacor CWE-918
6.8
2020-01-27 CVE-2019-11318 Cross-Site Scripting vulnerability in Synacor Zimbra Collaboration Server
Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS.
network
synacor CWE-79
3.5
2020-01-27 CVE-2015-2249 Cross-Site Scripting vulnerability in Synacor Zimbra Collaboration Server
Zimbra Collaboration before 8.6.0 patch5 has XSS.
network
synacor CWE-79
3.5
2020-01-27 CVE-2014-8563 OS Command Injection vulnerability in Synacor Zimbra Collaboration Server
Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS.
network
low complexity
synacor CWE-78
7.5
2020-01-27 CVE-2014-5500 Cross-Site Scripting vulnerability in Synacor Zimbra Collaboration Server
Synacor Zimbra Collaboration before 8.0.8 has XSS.
network
synacor CWE-79
4.3
2019-05-30 CVE-2015-7609 Cross-Site Scripting vulnerability in Synacor Zimbra Collaboration Suite 8.6.0
Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra.
network
synacor CWE-79
4.3
2019-05-30 CVE-2015-2230 Cross-Site Scripting vulnerability in Synacor Zimbra Collaboration Server
Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS in admin console.
network
synacor CWE-79
4.3