Vulnerabilities > Zimbra

DATE CVE VULNERABILITY TITLE RISK
2020-03-20 CVE-2020-10194 Missing Authorization vulnerability in Zimbra Zm-Mailbox
cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account.
network
low complexity
zimbra CWE-862
6.5
6.5
2020-02-12 CVE-2013-1938 Cross-site Scripting vulnerability in Zimbra 2013
Zimbra 2013 has XSS in aspell.php
network
low complexity
zimbra CWE-79
6.1
6.1
2020-01-27 CVE-2019-8947 Cross-site Scripting vulnerability in Zimbra Collaboration Server
Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS.
network
low complexity
zimbra CWE-79
6.1
6.1
2020-01-27 CVE-2019-8946 Cross-site Scripting vulnerability in Zimbra Collaboration Server
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.
network
low complexity
zimbra CWE-79
6.1
6.1
2020-01-27 CVE-2019-8945 Cross-site Scripting vulnerability in Zimbra Collaboration Server
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.
network
low complexity
zimbra CWE-79
6.1
6.1
2020-01-27 CVE-2019-15313 Cross-site Scripting vulnerability in Zimbra Collaboration Server
In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability.
network
low complexity
zimbra CWE-79
6.1
6.1
2020-01-27 CVE-2019-12427 Cross-site Scripting vulnerability in Zimbra Collaboration Server
Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console.
network
low complexity
zimbra CWE-79
4.8
4.8
2019-04-30 CVE-2019-9621 Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration Server
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
network
low complexity
zimbra CWE-918
7.5
7.5
2018-05-30 CVE-2018-10939 Cross-site Scripting vulnerability in multiple products
Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group.
network
low complexity
zimbra synacor CWE-79
6.1
6.1
2018-05-30 CVE-2015-7610 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token.
network
low complexity
zimbra synacor CWE-352
8.8
8.8