VYPR

Zimbra Collaboration Suite

by VMware

CVEs (38)

  • CVE-2016-3999MedJan 18, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and 104703.

  • CVE-2016-3412MedJan 18, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791.

  • CVE-2016-3410MedJan 18, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103956, 103995, 104475, 104838, and 104839.

  • CVE-2016-3409MedJan 18, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637.

  • CVE-2016-3408MedJan 18, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 101813.

  • CVE-2016-3407MedJan 18, 2017
    risk 0.40cvss 6.1epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175.

  • CVE-2026-33372MedMar 20, 2026
    risk 0.35cvss 5.4epss 0.00

    An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A cross-site request forgery (CSRF) vulnerability exists in Zimbra Webmail due to improper validation of CSRF tokens. The application accepts CSRF tokens supplied within the request body instead of requiring…

  • CVE-2026-33371MedMar 20, 2026
    risk 0.28cvss 4.3epss 0.00

    An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists in the Zimbra Exchange Web Services (EWS) SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is…

  • CVE-2026-33369MedMar 20, 2026
    risk 0.28cvss 4.3epss 0.00

    Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated…

  • CVE-2013-7091Dec 13, 2013
    risk 0.10cvss epss 0.86

    Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: this can be leveraged to execute…

  • CVE-2022-3569Oct 17, 2022
    risk 0.03cvss epss 0.01

    Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.

  • CVE-2018-10948May 30, 2019
    risk 0.00cvss epss 0.01

    Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs.

  • CVE-2018-14425May 30, 2019
    risk 0.00cvss epss 0.01

    There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1.

  • CVE-2018-15131May 30, 2019
    risk 0.00cvss epss 0.02

    An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x before 8.8.8 Patch 9, and 8.8.9 before 8.8.9 Patch 3. Account number enumeration is possible via inconsistent responses for specific types of…

  • CVE-2018-18631May 29, 2019
    risk 0.00cvss epss 0.01

    mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS.

  • CVE-2018-14013May 29, 2019
    risk 0.00cvss epss 0.07

    Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients.

  • CVE-2019-6980May 29, 2019
    risk 0.00cvss epss 0.04

    Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component.

  • CVE-2013-5119Sep 23, 2013
    risk 0.00cvss epss 0.01

    Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token.

Page 2 of 2