Zm Build

by Zimbra

CVEs (13)

  • CVE-2018-6882 · Medium · KEV · Mar 27, 2018
    risk 0.60 · cvss 6.1 · epss 0.24

    Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an…

  • CVE-2015-7610 · High · May 30, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging…

  • CVE-2018-10951 · Medium · May 10, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API.

  • CVE-2018-10939 · Medium · May 30, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group.

  • CVE-2017-17703 · Medium · Feb 4, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS.

  • CVE-2018-10950 · Medium · May 10, 2018
    risk 0.35 · cvss 5.3 · epss 0.01

    mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information Exposure through Verbose Error Messages containing a stack dump, tracing data, or full user-context dump.

  • CVE-2018-10949 · Medium · May 10, 2018
    risk 0.35 · cvss 5.3 · epss 0.02

    mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors.

  • CVE-2017-8783 · Medium · Feb 4, 2018
    risk 0.35 · cvss 5.4 · epss 0.01

    Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS.

  • CVE-2018-17938 · Medium · Oct 3, 2018
    risk 0.34 · cvss 5.3 · epss 0.01

    Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value.

  • CVE-2019-9621 · KEV · Apr 30, 2019
    risk 0.23 · cvss · epss 0.81

    Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.

  • CVE-2025-68645 · KEV · Dec 22, 2025
    risk 0.16 · cvss · epss 0.32

    A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the…

  • CVE-2025-66376 · KEV · Jan 5, 2026
    risk 0.13 · cvss · epss 0.12

    Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message.

  • CVE-2025-67809 · Dec 15, 2025
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because these credentials are embedded directly in the Zimlet, any unauthorized party…