Lucene search

Collaboration Server Security Vulnerabilities

cve

CVE-2013-7217

Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5, has "critical" impact and unspecified vectors, a different vulnerability than CVE-2013-7091.

9.2AI Score

0.973EPSS

2013-12-26 06:55 PM

cve

CVE-2015-6541

Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest.

8.8CVSS

9AI Score

0.008EPSS

2016-04-08 02:59 PM

cve

CVE-2016-5721

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.1CVSS

6.3AI Score

0.001EPSS

2016-08-29 05:59 PM

cve

CVE-2019-12427

Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console.

4.8CVSS

4.8AI Score

0.001EPSS

2020-01-27 07:15 PM

cve

CVE-2019-15313

In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability.

6.1CVSS

5.9AI Score

0.001EPSS

2020-01-27 07:15 PM

cve

CVE-2019-8945

Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.

6.1CVSS

6.3AI Score

0.001EPSS

2020-01-27 07:15 PM

cve

CVE-2019-8946

Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.

6.1CVSS

6.3AI Score

0.001EPSS

2020-01-27 07:15 PM

cve

CVE-2019-8947

Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS.

6.1CVSS

6.3AI Score

0.001EPSS

2020-01-27 07:15 PM

cve

CVE-2019-9621

Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.

7.5CVSS

7.5AI Score

0.905EPSS

2019-04-30 06:29 PM

185

In Wild