Page 3 of 15 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 28EXPL: 0

In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. This has been fixed in Zimbra Collaboration Suite Network edition 9.0.0 Patch 10 and 8.8.15 Patch 17. En Zimbra Collaboration Suite Network Edition versiones anteriores a 9.0.0 P10 y versión 8.8.15 P17, se presenta una vulnerabilidad de tipo XXE en la extensión de la tienda de consumidores saml, que es vulnerable a ataques de tipo XXE.&#xa0;Esto ha sido corregido en la edición Zimbra Collaboration Suite Network versión 9.0.0 Parche 10 y 8.8.15 Parche 17 • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P17 https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P10 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. Zimbra Collaboration versiones 8.7.x - 8.8.11P2, contiene una vulnerabilidad de tipo XSS persistente. • https://bugzilla.zimbra.com/show_bug.cgi?id=109122 https://bugzilla.zimbra.com/show_bug.cgi?id=109123 https://bugzilla.zimbra.com/show_bug.cgi?id=109124 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. Zimbra Collaboration versiones 8.7.x - 8.8.11P2, contiene una vulnerabilidad de tipo XSS persistente. • https://bugzilla.zimbra.com/show_bug.cgi?id=109122 https://bugzilla.zimbra.com/show_bug.cgi?id=109123 https://bugzilla.zimbra.com/show_bug.cgi?id=109124 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0

Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS. Zimbra Collaboration versiones 8.7.x - 8.8.11P2, contiene una vulnerabilidad de tipo XSS no persistente. • https://bugzilla.zimbra.com/show_bug.cgi?id=109122 https://bugzilla.zimbra.com/show_bug.cgi?id=109123 https://bugzilla.zimbra.com/show_bug.cgi?id=109124 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 89%CPEs: 36EXPL: 4

Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component. Zimbra Collaboration Suite anterior de la versión 8.6 path 13, versión 8.7.x anterior de la 8.7.11 path 10, y versión 8.8.x anterior de la 8.8.10 path 7 u versión 8.8.x anterior de la 8.8.11 path 3, permite vulnerabilidad de tipo SSRF por medio del componente ProxyServlet. Zimbra versions prior to 8.8.1 suffer from XML external entity injection and server-side request forgery vulnerabilities. • https://www.exploit-db.com/exploits/46967 https://www.exploit-db.com/exploits/46693 http://packetstormsecurity.com/files/152487/Zimbra-Collaboration-Autodiscover-Servlet-XXE-ProxyServlet-SSRF.html http://packetstormsecurity.com/files/153190/Zimbra-XML-Injection-Server-Side-Request-Forgery.html http://www.rapid7.com/db/modules/exploit/linux/http/zimbra_xxe_rce https://blog.tint0.com/2019/03/a-saga-of-code-executions-on-zimbra.html https://blog.zimbra.com/2019/03/9826 https://bugzilla.zimbra. • CWE-918: Server-Side Request Forgery (SSRF) •