Filtered by vendor Zimbra
Subscribe
Total
54 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-8947 | 1 Zimbra | 1 Collaboration Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS. | |||||
CVE-2019-8945 | 1 Zimbra | 1 Collaboration Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. | |||||
CVE-2019-12427 | 1 Zimbra | 1 Collaboration Server | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console. | |||||
CVE-2019-15313 | 1 Zimbra | 1 Collaboration Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability. | |||||
CVE-2013-1938 | 1 Zimbra | 1 Zimbra | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Zimbra 2013 has XSS in aspell.php | |||||
CVE-2019-9621 | 1 Zimbra | 1 Collaboration Server | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component. | |||||
CVE-2018-10951 | 2 Synacor, Zimbra | 2 Zimbra Collaboration Suite, Zimbra Collaboration Suite | 2023-12-10 | 4.0 MEDIUM | 6.5 MEDIUM |
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API. | |||||
CVE-2015-7610 | 2 Synacor, Zimbra | 2 Zimbra Collaboration Suite, Zimbra Collaboration Suite | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token. | |||||
CVE-2018-10939 | 2 Synacor, Zimbra | 2 Zimbra Collaboration Suite, Zimbra Collaboration Suite | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group. | |||||
CVE-2016-5721 | 1 Zimbra | 1 Zimbra Collaboration Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2015-6541 | 1 Zimbra | 1 Zimbra Collaboration Server | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest. | |||||
CVE-2013-7217 | 1 Zimbra | 1 Collaboration Server | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5, has "critical" impact and unspecified vectors, a different vulnerability than CVE-2013-7091. | |||||
CVE-2012-1213 | 1 Zimbra | 1 Zimbra | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter. | |||||
CVE-2008-1226 | 1 Zimbra | 1 Collaboration Suite | 2023-12-10 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6, and possibly other versions before 4.5.10 allow remote attackers to inject arbitrary web script or HTML via an e-mail attachment, possibly involving a (1) .jpg or (2) .gif image attachment. |