Synacor: >> Zimbra Collaboration Suite >> 6.0.9 Security Vulnerabilities
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
CVSS Score
9.8
EPSS Score
0.785
Published
2020-02-18
An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-02-18
Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs.
CVSS Score
4.8
EPSS Score
0.002
Published
2019-05-30
There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1.
CVSS Score
6.1
EPSS Score
0.022
Published
2019-05-30
Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients.
CVSS Score
6.1
EPSS Score
0.398
Published
2019-05-29
Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value.
CVSS Score
5.3
EPSS Score
0.009
Published
2018-10-03
CVE-2018-6882
Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment.
Known exploited
CVSS Score
6.1
EPSS Score
0.656
Published
2018-03-27
Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS.
CVSS Score
6.1
EPSS Score
0.007
Published
2018-02-04
Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS.
CVSS Score
5.4
EPSS Score
0.008
Published
2018-02-04
A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations.
CVSS Score
9.8
EPSS Score
0.017
Published
2017-05-23