ZimbraCVEs & Vulnerabilities

58 CVEs affecting Zimbra products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

collaboration 99collaboration server 28zimbra 9zimbra collaboration suite 2zm-mailbox 2collaboration suite 2zimbra collaboration server 2zm-ajax 1
CVE-2019-8945MEDIUM

Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS.

27 Jan 2020
6.1
CVSS
CVE-2019-15313MEDIUM

In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability.

27 Jan 2020
6.1
CVSS
CVE-2019-12427MEDIUM

Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console.

27 Jan 2020
4.8
CVSS
CVE-2018-10939MEDIUM

Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group.

31 May 2018
6.1
CVSS
CVE-2015-7610HIGH

Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token.

31 May 2018
8.8
CVSS
CVE-2016-5721MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

29 Aug 2016
6.1
CVSS
CVE-2015-6541HIGHpoc

Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest.

8 Apr 2016
8.8
CVSS
CVE-2013-7217CRITICAL

Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5, has "critical" impact and unspecified vectors, a different vulnerability than CVE-2013-7091.

26 Dec 2013
10.0
CVSS
CVE-2012-1213MEDIUMpoc

Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter.

24 Feb 2012
4.3
CVSS
CVE-2008-1226MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6, and possibly other versions before 4.5.10 allow remote attackers to inject arbitrary web script or HTML via an e-mail attachment, possibly involving a (1) .jpg or (2) .gif image attachment.

10 Mar 2008
4.3
CVSS
← PrevPage 2 / 2Next →