7 results (0.010 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS. Synacor Zimbra Collaboration versiones anteriores a 8.0.9, permite una inyección de comandos de texto plano durante STARTTLS. • https://bugzilla.zimbra.com/show_bug.cgi?id=96105 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0

Zimbra Collaboration before 8.6.0 patch5 has XSS. Zimbra Collaboration versiones anteriores a 8.6.0 patch5, presenta una vulnerabilidad de tipo XSS. • https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Synacor Zimbra Collaboration before 8.0.8 has XSS. Synacor Zimbra Collaboration versiones anteriores a 8.0.8, presenta una vulnerabilidad de tipo XSS. • https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS. Zimbra Collaboration versiones anteriores a 8.8.12 Patch 1, presenta una vulnerabilidad de tipo XSS persistente. • https://bugzilla.zimbra.com/show_bug.cgi?id=109117 https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.12/P1 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS in admin console. Synacor Zimbra Collaboration Server 8.x anteior a 8.7.0 ha reflejado en admin Console • https://bugzilla.zimbra.com/show_bug.cgi?id=97625 https://wiki.zimbra.com/wiki/Security_Center • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •