Vulnerabilities > Zimbra
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-09-23 | CVE-2013-5119 | Improper Authentication vulnerability in Synacor Zimbra Collaboration Suite Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token. | 6.8 |
| 2012-02-24 | CVE-2012-1213 | Cross-Site Scripting vulnerability in Zimbra Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter. | 4.3 |
| 2008-03-10 | CVE-2008-1226 | Cross-Site Scripting vulnerability in Zimbra Collaboration Suite 4.0.3/4.5.6 Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6, and possibly other versions before 4.5.10 allow remote attackers to inject arbitrary web script or HTML via an e-mail attachment, possibly involving a (1) .jpg or (2) .gif image attachment. | 4.3 |