Zimbra

by Zimbra

CVEs (16)

  • CVE-2016-3405 · High · Jan 18, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to affect integrity via unknown vectors, aka bugs 103961 and 104828.

  • CVE-2016-3402 · High · Jan 18, 2017
    risk 0.49 · cvss 7.5 · epss 0.02

    Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vectors, aka bug 99167.

  • CVE-2016-3401 · Medium · Jan 18, 2017
    risk 0.42 · cvss 6.5 · epss 0.02

    Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810.

  • CVE-2016-3410 · Medium · Jan 18, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103956, 103995, 104475, 104838, and 104839.

  • CVE-2016-3409 · Medium · Jan 18, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637.

  • CVE-2016-3408 · Medium · Jan 18, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 101813.

  • CVE-2016-3407 · Medium · Jan 18, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175.

  • CVE-2023-34192 · KEV · Jul 6, 2023
    risk 0.19 · cvss · epss 0.77

    Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.

  • CVE-2013-7091 · Dec 13, 2013
    risk 0.10 · cvss · epss 0.86

    Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute…

  • CVE-2012-1213 · Feb 24, 2012
    risk 0.03 · cvss · epss 0.02

    Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter.

  • CVE-2024-9665 · Nov 22, 2024
    risk 0.00 · cvss · epss 0.00

    Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this vulnerability in that the target must…

  • CVE-2023-34193 · Jul 6, 2023
    risk 0.00 · cvss · epss 0.01

    File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function.

  • CVE-2022-37393 · Aug 16, 2022
    risk 0.00 · cvss · epss 0.02

    Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as…

  • CVE-2020-12846 · Jun 3, 2020
    risk 0.00 · cvss · epss 0.03

    Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox as…

  • CVE-2020-11737 · May 5, 2020
    risk 0.00 · cvss · epss 0.02

    A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring (including…

  • CVE-2013-1938 · Feb 12, 2020
    risk 0.00 · cvss · epss 0.03

    Zimbra 2013 has XSS in aspell.php