Shodan
Vulnerabilities
Vulnerable Software
Zimbra:  Security Vulnerabilities
CVE-2020-35123
In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. This has been fixed in Zimbra Collaboration Suite Network edition 9.0.0 Patch 10 and 8.8.15 Patch 17.
CVSS Score
6.5
EPSS Score
0.009
Published
2020-12-17
CVE-2020-11737
A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring (including the quotes) followed immediately by a DOM event listener such as onmouseover. This is fixed in 9.0.0 Patch 2.
CVSS Score
6.1
EPSS Score
0.012
Published
2020-05-05
CVE-2020-10194
cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from the intended behavior in which the domain of the authenticated user must match the domain of the galsync account in the request.
CVSS Score
6.5
EPSS Score
0.002
Published
2020-03-20
CVE-2013-1938
Zimbra 2013 has XSS in aspell.php
CVSS Score
6.1
EPSS Score
0.02
Published
2020-02-12
CVE-2019-15313
In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability.
CVSS Score
6.1
EPSS Score
0.015
Published
2020-01-27
CVE-2019-8945
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.
CVSS Score
6.1
EPSS Score
0.012
Published
2020-01-27
CVE-2019-8946
Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.
CVSS Score
6.1
EPSS Score
0.012
Published
2020-01-27
CVE-2019-8947
Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS.
CVSS Score
6.1
EPSS Score
0.012
Published
2020-01-27
CVE-2019-12427
Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console.
CVSS Score
4.8
EPSS Score
0.007
Published
2020-01-27
CVE-2015-7610
Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token.
CVSS Score
8.8
EPSS Score
0.065
Published
2018-05-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved