Vulnerabilities > Zimbra > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-12 | CVE-2013-1938 | Cross-site Scripting vulnerability in Zimbra 2013 Zimbra 2013 has XSS in aspell.php | 6.1 |
| 2020-01-27 | CVE-2019-8947 | Cross-site Scripting vulnerability in Zimbra Collaboration Server Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS. | 6.1 |
| 2020-01-27 | CVE-2019-8946 | Cross-site Scripting vulnerability in Zimbra Collaboration Server Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. | 6.1 |
| 2020-01-27 | CVE-2019-8945 | Cross-site Scripting vulnerability in Zimbra Collaboration Server Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. | 6.1 |
| 2020-01-27 | CVE-2019-15313 | Cross-site Scripting vulnerability in Zimbra Collaboration Server In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability. | 6.1 |
| 2020-01-27 | CVE-2019-12427 | Cross-site Scripting vulnerability in Zimbra Collaboration Server Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console. | 4.8 |
| 2018-05-30 | CVE-2018-10939 | Cross-site Scripting vulnerability in multiple products Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group. | 6.1 |
| 2018-05-10 | CVE-2018-10951 | mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API. | 6.5 |
| 2016-08-29 | CVE-2016-5721 | Cross-site Scripting vulnerability in Zimbra Collaboration Server Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |