Collaboration Server
by Zimbra
Source repositories
CVEs (49)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-8945 | 0.00 | — | 0.01 | Jan 27, 2020 | Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. | |||
| CVE-2019-8947 | 0.00 | — | 0.01 | Jan 27, 2020 | Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS. | |||
| CVE-2015-2249 | 0.00 | — | 0.01 | Jan 27, 2020 | Zimbra Collaboration before 8.6.0 patch5 has XSS. | |||
| CVE-2019-11318 | 0.00 | — | 0.01 | Jan 27, 2020 | Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS. | |||
| CVE-2019-15313 | 0.00 | — | 0.01 | Jan 27, 2020 | In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability. | |||
| CVE-2019-6981 | 0.00 | — | 0.01 | May 29, 2019 | Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component. | |||
| CVE-2013-7217 | 0.00 | — | 0.03 | Dec 26, 2013 | Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5, has "critical" impact and unspecified vectors, a different vulnerability than CVE-2013-7091. | |||
| CVE-2008-1226 | 0.00 | — | 0.01 | Mar 10, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6, and possibly other versions before 4.5.10 allow remote attackers to inject arbitrary web script or HTML via an e-mail attachment, possibly involving a (1) .jpg or (2) .gif image… | |||
| CVE-2007-0284 | 0.00 | — | 0.02 | Jan 17, 2007 | Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04. |
- CVE-2019-8945Jan 27, 2020risk 0.00cvss —epss 0.01
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.
- CVE-2019-8947Jan 27, 2020risk 0.00cvss —epss 0.01
Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS.
- CVE-2015-2249Jan 27, 2020risk 0.00cvss —epss 0.01
Zimbra Collaboration before 8.6.0 patch5 has XSS.
- CVE-2019-11318Jan 27, 2020risk 0.00cvss —epss 0.01
Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS.
- CVE-2019-15313Jan 27, 2020risk 0.00cvss —epss 0.01
In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability.
- CVE-2019-6981May 29, 2019risk 0.00cvss —epss 0.01
Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component.
- CVE-2013-7217Dec 26, 2013risk 0.00cvss —epss 0.03
Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5, has "critical" impact and unspecified vectors, a different vulnerability than CVE-2013-7091.
- CVE-2008-1226Mar 10, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6, and possibly other versions before 4.5.10 allow remote attackers to inject arbitrary web script or HTML via an e-mail attachment, possibly involving a (1) .jpg or (2) .gif image…
- CVE-2007-0284Jan 17, 2007risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04.
Page 3 of 3