Vulnerabilities > Zimbra

DATE CVE VULNERABILITY TITLE RISK
2021-07-02 CVE-2021-35208 Cross-site Scripting vulnerability in Zimbra Collaboration
An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23.
network
zimbra CWE-79
3.5
2021-07-02 CVE-2021-35209 Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration
An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16.
network
low complexity
zimbra CWE-918
7.5
2020-12-17 CVE-2020-35123 XXE vulnerability in Zimbra Collaboration 8.8.15/9.0.0
In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks.
network
low complexity
zimbra CWE-611
4.0
2020-05-05 CVE-2020-11737 Cross-site Scripting vulnerability in Zimbra 9.0.0
A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript.
network
zimbra CWE-79
4.3
2020-03-20 CVE-2020-10194 Incorrect Authorization vulnerability in Zimbra Zm-Mailbox
cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account.
network
low complexity
zimbra CWE-863
4.0
2020-02-12 CVE-2013-1938 Cross-site Scripting vulnerability in Zimbra 2013
Zimbra 2013 has XSS in aspell.php
network
zimbra CWE-79
4.3
2020-01-27 CVE-2019-8947 Cross-site Scripting vulnerability in Zimbra Collaboration Server
Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS.
network
zimbra CWE-79
4.3
2020-01-27 CVE-2019-8946 Cross-site Scripting vulnerability in Zimbra Collaboration Server
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.
network
zimbra CWE-79
4.3
2020-01-27 CVE-2019-8945 Cross-site Scripting vulnerability in Zimbra Collaboration Server
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.
network
zimbra CWE-79
4.3
2020-01-27 CVE-2019-15313 Cross-site Scripting vulnerability in Zimbra Collaboration Server
In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability.
network
zimbra CWE-79
4.3