Vulnerabilities > Synacor > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-05-30 CVE-2018-10948 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite
Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs.
network
low complexity
synacor CWE-79
4.8
2019-05-30 CVE-2018-15131 Information Exposure vulnerability in Synacor Zimbra Collaboration Suite
An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3.
network
low complexity
synacor CWE-200
5.3
2019-05-29 CVE-2019-6981 Server-Side Request Forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite
Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component.
network
low complexity
synacor CWE-918
6.5
2019-05-29 CVE-2018-18631 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite
mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS.
network
low complexity
synacor CWE-79
6.1
2019-05-29 CVE-2018-14013 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients.
network
low complexity
synacor CWE-79
6.1
2018-10-03 CVE-2018-17938 Insufficient Verification of Data Authenticity vulnerability in Synacor Zimbra Collaboration Suite
Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value.
network
low complexity
synacor CWE-345
5.3
2018-05-30 CVE-2018-10939 Cross-site Scripting vulnerability in multiple products
Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group.
network
low complexity
zimbra synacor CWE-79
6.1
2018-05-10 CVE-2018-10951 mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API.
network
low complexity
zimbra synacor
6.5
2018-05-10 CVE-2018-10950 Information Exposure vulnerability in Synacor Zimbra Collaboration Suite
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump.
network
low complexity
synacor CWE-200
5.3
2018-05-10 CVE-2018-10949 Information Exposure Through Discrepancy vulnerability in Synacor Zimbra Collaboration Suite
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors.
network
low complexity
synacor CWE-203
5.3