VYPR

Zimbra Collaboration Suite

by VMware

CVEs (38)

  • CVE-2017-6821CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.04

    Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors.

  • CVE-2017-6813CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.03

    A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations.

  • CVE-2016-9924CriMar 29, 2017
    risk 0.64cvss 9.8epss 0.03

    Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks.

  • CVE-2016-3415CriJan 18, 2017
    risk 0.59cvss 9.1epss 0.02

    Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276.

  • CVE-2026-33373HigMar 30, 2026
    risk 0.57cvss 8.8epss 0.00

    An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A Cross-Site Request Forgery (CSRF) vulnerability exists in Zimbra Web Client due to the issuance of authentication tokens without CSRF protection during certain account state transitions. Specifically, tokens…

  • CVE-2016-3403HigMay 17, 2017
    risk 0.57cvss 8.8epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure…

  • CVE-2016-3406HigJan 18, 2017
    risk 0.57cvss 8.8epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and…

  • CVE-2016-4019HigJan 18, 2017
    risk 0.49cvss 7.5epss 0.02

    Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 104477.

  • CVE-2016-3413HigJan 18, 2017
    risk 0.49cvss 7.5epss 0.02

    Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103996.

  • CVE-2016-3405HigJan 18, 2017
    risk 0.49cvss 7.5epss 0.02

    Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to affect integrity via unknown vectors, aka bugs 103961 and 104828.

  • CVE-2016-3404HigJan 18, 2017
    risk 0.49cvss 7.5epss 0.02

    Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103959.

  • CVE-2016-3402HigJan 18, 2017
    risk 0.49cvss 7.5epss 0.02

    Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vectors, aka bug 99167.

  • CVE-2025-48700MedKEVJun 23, 2025
    risk 0.46cvss 6.1epss 0.02

    An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to…

  • CVE-2016-3411MedJan 18, 2017
    risk 0.43cvss 6.1epss 0.04

    Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609.

  • CVE-2016-3414MedJan 18, 2017
    risk 0.42cvss 6.5epss 0.02

    Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029.

  • CVE-2016-3401MedJan 18, 2017
    risk 0.42cvss 6.5epss 0.02

    Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810.

  • CVE-2026-33370MedMar 20, 2026
    risk 0.40cvss 6.1epss 0.00

    An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Zimbra Briefcase feature due to insufficient sanitization of specific uploaded file types. When a user opens a publicly shared Briefcase file…

  • CVE-2026-33368MedMar 20, 2026
    risk 0.40cvss 6.1epss 0.00

    Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 contains a reflected cross-site scripting (XSS) vulnerability in the Classic Webmail REST interface (/h/rest). The application fails to properly sanitize user-supplied input, allowing an unauthenticated attacker to inject malicious…

  • CVE-2017-17703MedFeb 4, 2018
    risk 0.40cvss 6.1epss 0.01

    Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS.

  • CVE-2017-7288MedMay 23, 2017
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Page 1 of 2