| Max CVSS | 7.5 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-13653 | 4.3 |
An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user's profile. The injected code can be reflected and execute
|
09-07-2020 - 20:29 | 02-07-2020 - 16:15 | |
| CVE-2020-12846 | 6.0 |
Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Conta
|
05-06-2020 - 14:39 | 03-06-2020 - 17:15 | |
| CVE-2019-12427 | 3.5 |
Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console.
|
28-01-2020 - 21:29 | 27-01-2020 - 19:15 | |
| CVE-2019-11318 | 3.5 |
Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS.
|
28-01-2020 - 21:18 | 27-01-2020 - 19:15 | |
| CVE-2015-2230 | 4.3 |
Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS in admin console.
|
17-01-2020 - 13:06 | 30-05-2019 - 20:29 | |
| CVE-2019-9621 | 5.0 |
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
|
06-06-2019 - 20:29 | 30-04-2019 - 18:29 | |
| CVE-2015-7609 | 4.3 |
Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra.
|
31-05-2019 - 15:08 | 30-05-2019 - 20:29 | |
| CVE-2018-20160 | 7.5 |
ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd.
|
30-05-2019 - 18:02 | 29-05-2019 - 22:29 |