Synacor: >> Zimbra Collaboration Suite >> 8.8.9 Security Vulnerabilities
Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component.
CVSS Score
6.5
EPSS Score
0.003
Published
2019-05-29
Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients.
CVSS Score
6.1
EPSS Score
0.412
Published
2019-05-29
CVE-2019-9621
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component.
Known exploited
CVSS Score
7.5
EPSS Score
0.94
Published
2019-04-30
Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value.
CVSS Score
5.3
EPSS Score
0.006
Published
2018-10-03
Page 3