Vulnerabilities > Synacor > Zimbra Collaboration Suite > Medium

DATE CVE VULNERABILITY TITLE RISK
2021-12-15 CVE-2020-18984 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite 8.8.12
A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection.
network
low complexity
synacor CWE-79
6.1
6.1
2021-12-15 CVE-2020-18985 Open Redirect vulnerability in Synacor Zimbra Collaboration Suite 8.8.12
An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing.
network
low complexity
synacor CWE-601
6.1
6.1
2020-07-02 CVE-2020-13653 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite
An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11.
network
low complexity
synacor CWE-79
6.1
6.1
2020-02-18 CVE-2020-8633 Improper Preservation of Permissions vulnerability in Synacor Zimbra Collaboration Suite
An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7.
network
low complexity
synacor CWE-281
5.3
5.3
2019-05-30 CVE-2015-7609 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite 8.6.0
Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra.
network
low complexity
synacor CWE-79
6.1
6.1
2019-05-30 CVE-2018-14425 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite
There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1.
network
low complexity
synacor CWE-79
6.1
6.1
2019-05-30 CVE-2018-10948 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite
Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs.
network
low complexity
synacor CWE-79
4.8
4.8
2019-05-30 CVE-2018-15131 Information Exposure vulnerability in Synacor Zimbra Collaboration Suite
An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3.
network
low complexity
synacor CWE-200
5.3
5.3
2019-05-29 CVE-2019-6981 Server-Side Request Forgery (SSRF) vulnerability in Synacor Zimbra Collaboration Suite
Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component.
network
low complexity
synacor CWE-918
6.5
6.5
2019-05-29 CVE-2018-18631 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite
mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS.
network
low complexity
synacor CWE-79
6.1
6.1