Vulnerabilities > Zimbra > Zimbra Collaboration Server

DATE CVE VULNERABILITY TITLE RISK
2016-08-29 CVE-2016-5721 Cross-site Scripting vulnerability in Zimbra Collaboration Server
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
zimbra CWE-79
6.1
2016-04-08 CVE-2015-6541 Cross-Site Request Forgery (CSRF) vulnerability in Zimbra Collaboration Server
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest.
network
low complexity
zimbra CWE-352
8.8