Vulnerabilities > Synacor > Zimbra Collaboration Suite

DATE CVE VULNERABILITY TITLE RISK
2022-10-17 CVE-2022-3569 Unspecified vulnerability in Synacor Zimbra Collaboration Suite
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.
local
low complexity
synacor
7.8
2021-12-15 CVE-2020-18984 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite 8.8.12
A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection.
network
low complexity
synacor CWE-79
6.1
2021-12-15 CVE-2020-18985 Open Redirect vulnerability in Synacor Zimbra Collaboration Suite 8.8.12
An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing.
network
low complexity
synacor CWE-601
6.1
2020-07-02 CVE-2020-13653 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite
An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11.
network
low complexity
synacor CWE-79
6.1
2020-06-03 CVE-2020-12846 Unrestricted Upload of File with Dangerous Type vulnerability in Synacor Zimbra Collaboration Suite
Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file.
network
low complexity
synacor CWE-434
8.0
2020-02-18 CVE-2020-8633 Improper Preservation of Permissions vulnerability in Synacor Zimbra Collaboration Suite
An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7.
network
low complexity
synacor CWE-281
5.3
2020-02-18 CVE-2020-7796 Server-Side Request Forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
network
low complexity
synacor CWE-918
critical
9.8
2019-05-30 CVE-2015-7609 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite 8.6.0
Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra.
network
low complexity
synacor CWE-79
6.1
2019-05-30 CVE-2018-14425 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite
There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1.
network
low complexity
synacor CWE-79
6.1
2019-05-30 CVE-2018-10948 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite
Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs.
network
low complexity
synacor CWE-79
4.8