CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-8783
https://notcve.org/view.php?id=CVE-2017-8783
Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS. Synacor Zimbra Collaboration Suite (ZCS) en versiones anteriores a la 8.7.10 tiene XSS persistente. • https://bugzilla.zimbra.com/show_bug.cgi?id=107878 https://bugzilla.zimbra.com/show_bug.cgi?id=107885 https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2017-8802 – Zimbra Collaboration Suite Cross Site Scripting
https://notcve.org/view.php?id=CVE-2017-8802
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.8.0 Beta2 might allow remote attackers to inject arbitrary web script or HTML via vectors related to the "Show Snippet" functionality. Vulnerabilidad de Cross-Site Scripting (XSS) en Zimbra Collaboration Suite (también conocido como ZCS) en versiones anteriores a la 8.8.0 Beta2 puede permitir que los atacantes remotos inyecten scripts web o HTML arbitrarios mediante vectores relacionados con la funcionalidad "Show Snippet". Zimbra Collaboration Suite suffers from a stored cross site scripting vulnerability. • https://github.com/ozzi-/Zimbra-CVE-2017-8802-Hotifx http://www.securityfocus.com/archive/1/541661/100/0/threaded https://bugzilla.zimbra.com/show_bug.cgi?id=107925 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2018-001_zimbra_stored_xss.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-7288
https://notcve.org/view.php?id=CVE-2017-7288
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad Cross-Site Scripting (XSS) en versiones anteriores a la 8.7.1 de Zimbra Collaboration Suite (ZCS) permite a los atacantes remotos inyectar scripts web o HTML arbitrarios utilizando vectores no especificados. • http://www.securityfocus.com/bid/98081 https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.1 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6821
https://notcve.org/view.php?id=CVE-2017-6821
Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact via unknown vectors. Una vulnerabilidad de salto de directorio en Zimbra Collaboration Suite (también conocido como ZCS) en versiones anteriores a la 8.7.6 permite a los atacantes provocar un impacto no especificado mediante vectores desconocidos. • http://www.securityfocus.com/bid/98090 https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6813
https://notcve.org/view.php?id=CVE-2017-6813
A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few requested operations. Un servicio prestado por Zimbra Collaboration Suite (ZCS) en versiones anteriores a la 8.7.6 no solicita los privilegios necesarios antes de realizar determinadas operaciones. • http://www.securityfocus.com/bid/98087 https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.6 •