Vulnerabilities > Synacor > Zimbra Collaboration Suite
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-30 | CVE-2018-15131 | Information Exposure vulnerability in Synacor Zimbra Collaboration Suite An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. | 5.0 |
| 2019-05-29 | CVE-2019-9670 | XXE vulnerability in Synacor Zimbra Collaboration Suite mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml. | 9.8 |
| 2019-05-29 | CVE-2019-6981 | Server-Side Request Forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component. | 4.0 |
| 2019-05-29 | CVE-2019-6980 | Deserialization of Untrusted Data vulnerability in Synacor Zimbra Collaboration Suite Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component. | 7.5 |
| 2019-05-29 | CVE-2018-20160 | XXE vulnerability in Synacor Zimbra Collaboration Suite ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd. | 7.5 |
| 2019-05-29 | CVE-2018-18631 | Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS. | 4.3 |
| 2019-05-29 | CVE-2018-14013 | Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients. | 4.3 |
| 2018-10-03 | CVE-2018-17938 | Insufficient Verification of Data Authenticity vulnerability in Synacor Zimbra Collaboration Suite Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value. | 5.0 |
| 2018-05-30 | CVE-2018-10939 | Cross-site Scripting vulnerability in multiple products Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group. | 4.3 |
| 2018-05-30 | CVE-2015-7610 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token. | 6.8 |