Vulnerabilities > Zimbra
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-07-02 | CVE-2021-34807 | Open Redirect vulnerability in Zimbra Collaboration An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. | 5.8 |
| 2021-07-02 | CVE-2021-35207 | Cross-site Scripting vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. | 4.3 |
| 2021-07-02 | CVE-2021-35208 | Cross-site Scripting vulnerability in Zimbra Collaboration An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. | 3.5 |
| 2021-07-02 | CVE-2021-35209 | Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.x before 9.0.0 Patch 16. | 7.5 |
| 2020-12-17 | CVE-2020-35123 | XXE vulnerability in Zimbra Collaboration 8.8.15/9.0.0 In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. | 4.0 |
| 2020-05-05 | CVE-2020-11737 | Cross-site Scripting vulnerability in Zimbra 9.0.0 A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. | 4.3 |
| 2020-03-20 | CVE-2020-10194 | Incorrect Authorization vulnerability in Zimbra Zm-Mailbox cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. | 4.0 |
| 2020-02-12 | CVE-2013-1938 | Cross-site Scripting vulnerability in Zimbra 2013 Zimbra 2013 has XSS in aspell.php | 4.3 |
| 2020-01-27 | CVE-2019-8947 | Cross-site Scripting vulnerability in Zimbra Collaboration Server Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS. | 4.3 |
| 2020-01-27 | CVE-2019-8946 | Cross-site Scripting vulnerability in Zimbra Collaboration Server Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. | 4.3 |