Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5, has "critical" impact and unspecified vectors, a different vulnerability than CVE-2013-7091.
9.2AI Score
0.973EPSS
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest.
8.8CVSS
9AI Score
0.008EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
6.1CVSS
6.3AI Score
0.001EPSS
Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console.
4.8CVSS
4.8AI Score
0.001EPSS
In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability.
6.1CVSS
5.9AI Score
0.001EPSS
6.1CVSS
6.3AI Score
0.001EPSS
6.1CVSS
6.3AI Score
0.001EPSS
6.1CVSS
6.3AI Score
0.001EPSS
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.