| Max CVSS | 7.5 | Min CVSS | 3.5 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-9670 | 7.5 |
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability, as demonstrated by Autodiscover/Autodiscover.xml.
|
24-07-2024 - 17:00 | 29-05-2019 - 22:29 | |
| CVE-2020-13653 | 4.3 |
An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user's profile. The injected code can be reflected and execute
|
09-07-2020 - 20:29 | 02-07-2020 - 16:15 | |
| CVE-2020-12846 | 6.0 |
Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Conta
|
05-06-2020 - 14:39 | 03-06-2020 - 17:15 | |
| CVE-2020-11737 | 4.3 |
A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with
|
07-05-2020 - 20:37 | 05-05-2020 - 15:15 | |
| CVE-2019-15313 | 4.3 |
In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability.
|
29-01-2020 - 17:07 | 27-01-2020 - 19:15 | |
| CVE-2019-12427 | 3.5 |
Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console.
|
28-01-2020 - 21:29 | 27-01-2020 - 19:15 | |
| CVE-2019-8947 | 4.3 |
Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS.
|
28-01-2020 - 21:26 | 27-01-2020 - 19:15 | |
| CVE-2019-8946 | 4.3 |
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.
|
28-01-2020 - 21:24 | 27-01-2020 - 19:15 | |
| CVE-2019-8945 | 4.3 |
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.
|
28-01-2020 - 21:20 | 27-01-2020 - 19:15 | |
| CVE-2019-11318 | 3.5 |
Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS.
|
28-01-2020 - 21:18 | 27-01-2020 - 19:15 | |
| CVE-2018-14425 | 4.3 |
There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1.
|
31-05-2019 - 12:20 | 30-05-2019 - 18:29 | |
| CVE-2018-20160 | 7.5 |
ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd.
|
30-05-2019 - 18:02 | 29-05-2019 - 22:29 | |
| CVE-2019-6981 | 4.0 |
Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component.
|
30-05-2019 - 17:44 | 29-05-2019 - 22:29 | |
| CVE-2019-6980 | 7.5 |
Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component.
|
30-05-2019 - 17:40 | 29-05-2019 - 22:29 | |
| CVE-2018-18631 | 4.3 |
mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS.
|
30-05-2019 - 16:47 | 29-05-2019 - 22:29 | |
| CVE-2018-14013 | 4.3 |
Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients.
|
30-05-2019 - 16:25 | 29-05-2019 - 22:29 |