Filtered by vendor Zimbra
Subscribe
Total
54 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10951 | 2 Synacor, Zimbra | 2 Zimbra Collaboration Suite, Zimbra Collaboration Suite | 2020-06-04 | 4.0 MEDIUM | 6.5 MEDIUM |
| mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API. | |||||
| CVE-2020-11737 | 1 Zimbra | 1 Zimbra | 2020-05-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring (including the quotes) followed immediately by a DOM event listener such as onmouseover. This is fixed in 9.0.0 Patch 2. | |||||
| CVE-2013-1938 | 1 Zimbra | 1 Zimbra | 2020-02-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zimbra 2013 has XSS in aspell.php | |||||
| CVE-2019-15313 | 1 Zimbra | 1 Collaboration Server | 2020-01-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability. | |||||
| CVE-2019-12427 | 1 Zimbra | 1 Collaboration Server | 2020-01-28 | 3.5 LOW | 4.8 MEDIUM |
| Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console. | |||||
| CVE-2019-8947 | 1 Zimbra | 1 Collaboration Server | 2020-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS. | |||||
| CVE-2019-8946 | 1 Zimbra | 1 Collaboration Server | 2020-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. | |||||
| CVE-2019-8945 | 1 Zimbra | 1 Collaboration Server | 2020-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. | |||||
| CVE-2019-9621 | 1 Zimbra | 1 Collaboration Server | 2019-06-06 | 5.0 MEDIUM | 7.5 HIGH |
| Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component. | |||||
| CVE-2012-1213 | 1 Zimbra | 1 Zimbra | 2017-11-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter. | |||||
| CVE-2013-7217 | 1 Zimbra | 1 Collaboration Server | 2017-08-29 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5, has "critical" impact and unspecified vectors, a different vulnerability than CVE-2013-7091. | |||||
| CVE-2008-1226 | 1 Zimbra | 1 Collaboration Suite | 2017-08-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6, and possibly other versions before 4.5.10 allow remote attackers to inject arbitrary web script or HTML via an e-mail attachment, possibly involving a (1) .jpg or (2) .gif image attachment. | |||||
| CVE-2016-5721 | 1 Zimbra | 1 Zimbra Collaboration Server | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-6541 | 1 Zimbra | 1 Zimbra Collaboration Server | 2016-04-11 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest. | |||||