Zimbra Collaboration (ZCS)
by Zimbra
CVEs (87)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-18985 | 0.00 | — | 0.01 | Dec 15, 2021 | An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing. | |||
| CVE-2020-18984 | 0.00 | — | 0.01 | Dec 15, 2021 | A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection. | |||
| CVE-2014-8563 | 0.00 | — | 0.03 | Jan 27, 2020 | Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS. | |||
| CVE-2019-8946 | 0.00 | — | 0.01 | Jan 27, 2020 | Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. | |||
| CVE-2014-5500 | 0.00 | — | 0.01 | Jan 27, 2020 | Synacor Zimbra Collaboration before 8.0.8 has XSS. | |||
| CVE-2019-12427 | 0.00 | — | 0.01 | Jan 27, 2020 | Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console. | |||
| CVE-2008-1226 | 0.00 | — | 0.01 | Mar 10, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6, and possibly other versions before 4.5.10 allow remote attackers to inject arbitrary web script or HTML via an e-mail attachment, possibly involving a (1) .jpg or (2) .gif image… |
- CVE-2020-18985Dec 15, 2021risk 0.00cvss —epss 0.01
An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary website of their choosing.
- CVE-2020-18984Dec 15, 2021risk 0.00cvss —epss 0.01
A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration 8.8.12 allows unauthenticated attackers to execute arbitrary web scripts or HTML via a host header injection.
- CVE-2014-8563Jan 27, 2020risk 0.00cvss —epss 0.03
Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS.
- CVE-2019-8946Jan 27, 2020risk 0.00cvss —epss 0.01
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.
- CVE-2014-5500Jan 27, 2020risk 0.00cvss —epss 0.01
Synacor Zimbra Collaboration before 8.0.8 has XSS.
- CVE-2019-12427Jan 27, 2020risk 0.00cvss —epss 0.01
Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console.
- CVE-2008-1226Mar 10, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6, and possibly other versions before 4.5.10 allow remote attackers to inject arbitrary web script or HTML via an e-mail attachment, possibly involving a (1) .jpg or (2) .gif image…
Page 5 of 5