CVSS: 5.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-8633
https://notcve.org/view.php?id=CVE-2020-8633
An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible. Se detectó un problema en Zimbra Collaboration Suite (ZCS) versiones anteriores a 8.8.15 Patch 7. Cuando los otorgantes revocan un calendario compartido en Outlook, el calendario se mantuvo montado y accesible. • https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7 • CWE-281: Improper Preservation of Permissions •
CVSS: 9.8EPSS: 62%CPEs: 8EXPL: 0CVE-2020-7796
https://notcve.org/view.php?id=CVE-2020-7796
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled. Zimbra Collaboration Suite (ZCS) versiones anteriores a 8.8.15 Patch 7, permite un ataque de tipo SSRF cuando WebEx zimlet es instalado y zimlet JSP está habilitado. • https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 1CVE-2015-7609
https://notcve.org/view.php?id=CVE-2015-7609
Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra. Synacor Zimbra Mail Client 8.6 anerior a 8.6.0 Patch 5 tiene XSS a través del cuadro de diálogo error/warning y email body content en Zimbra. • https://bugzilla.zimbra.com/show_bug.cgi?id=101435 https://bugzilla.zimbra.com/show_bug.cgi?id=101436 https://wiki.zimbra.com/wiki/Security_Center https://www.fortiguard.com/zeroday/FG-VD-15-080 https://www.fortiguard.com/zeroday/FG-VD-15-081 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-10948
https://notcve.org/view.php?id=CVE-2018-10948
Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs. Synacor Zimbra Admin UI en Zimbra Collaboration Suite Versión anterior de 8.8.0 beta 2 tiene XSS persistente a través de correos electrónicos. • https://bugzilla.zimbra.com/show_bug.cgi?id=107948 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2018-14425
https://notcve.org/view.php?id=CVE-2018-14425
There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1. hay una vulnerabilidad persistente de XSS en el componente de la cartera de Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 versión anterior de 8.8.8 parche 7 y 8.8.9 Versiones anteriores de 8.8.9 parche 1. • https://bugzilla.zimbra.com/show_bug.cgi?id=108970 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •