VYPR

Zimbra Collaboration (ZCS)

by Zimbra

CVEs (87)

  • CVE-2020-18985Dec 15, 2021
    risk 0.00cvss epss 0.01

    An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing.

  • CVE-2020-18984Dec 15, 2021
    risk 0.00cvss epss 0.01

    A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection.

  • CVE-2014-8563Jan 27, 2020
    risk 0.00cvss epss 0.03

    Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS.

  • CVE-2019-8946Jan 27, 2020
    risk 0.00cvss epss 0.01

    Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.

  • CVE-2014-5500Jan 27, 2020
    risk 0.00cvss epss 0.01

    Synacor Zimbra Collaboration before 8.0.8 has XSS.

  • CVE-2019-12427Jan 27, 2020
    risk 0.00cvss epss 0.01

    Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console.

  • CVE-2008-1226Mar 10, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6, and possibly other versions before 4.5.10 allow remote attackers to inject arbitrary web script or HTML via an e-mail attachment, possibly involving a (1) .jpg or (2) .gif image…

Page 5 of 5