Page 5 of 48 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 14EXPL: 0

mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPrivateKey read access via a GetServer, GetAllServers, or GetAllActiveServers call in the Admin SOAP API. mailboxd en Zimbra Collaboration Suite, en versiones 8.8 anteriores a la 8.8.8; versiones 8.7 anteriores a la 8.7.11.Patch3 y versiones 8.6 anteriores a la 8.6.0.Patch10, permite el acceso de lectura zimbraSSLPrivateKey mediante una llamada GetServer, GetAllServers o GetAllActiveServers en la API SOAP Admin. • https://bugzilla.zimbra.com/show_bug.cgi?id=108894 •

CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 1

Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment. Vulnerabilidad de Cross-Site Scripting (XSS) en la función ZmMailMsgView.getAttachmentLinkHtml en Zimbra Collaboration Suite (ZCS), en versiones anteriores a la 8.7 Patch 1 y versiones 8.8.x anteriores a la 8.8.7, podría permitir que atacantes remotos inyecten scripts web o HTML arbitrarios mediante una cabecera Content-Location en un adjunto de correo electrónico. Zimbra Collaboration Suite version 8.7.11_GA_1854 suffers from a cross site scripting vulnerability. Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML. • http://seclists.org/fulldisclosure/2018/Mar/52 http://www.securityfocus.com/archive/1/541891/100/0/threaded https://bugzilla.zimbra.com/show_bug.cgi?id=108786 https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.7 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://www.securify.nl/advisory/SFY20180101/cross-site-scripting-vulnerability-in-zimbra-collaboration-suite-due-to-the-way-it-handles-attachment-links.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS. Synacor Zimbra Collaboration Suite (ZCS) en versiones anteriores a la 8.8.3 tiene XSS persistente. • https://bugzilla.zimbra.com/show_bug.cgi?id=108265 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0

Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS. Synacor Zimbra Collaboration Suite (ZCS) en versiones anteriores a la 8.7.10 tiene XSS persistente. • https://bugzilla.zimbra.com/show_bug.cgi?id=107878 https://bugzilla.zimbra.com/show_bug.cgi?id=107885 https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1

Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.8.0 Beta2 might allow remote attackers to inject arbitrary web script or HTML via vectors related to the "Show Snippet" functionality. Vulnerabilidad de Cross-Site Scripting (XSS) en Zimbra Collaboration Suite (también conocido como ZCS) en versiones anteriores a la 8.8.0 Beta2 puede permitir que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante vectores relacionados con la funcionalidad "Show Snippet". Zimbra Collaboration Suite suffers from a stored cross site scripting vulnerability. • https://github.com/ozzi-/Zimbra-CVE-2017-8802-Hotifx http://www.securityfocus.com/archive/1/541661/100/0/threaded https://bugzilla.zimbra.com/show_bug.cgi?id=107925 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-001_zimbra_stored_xss.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •