CVE-2019-12427
https://notcve.org/view.php?id=CVE-2019-12427
Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console.
• https://bugzilla.zimbra.com/show_bug.cgi?id=109174
• https://wiki.zimbra.com/wiki/Security_Center
• https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-15313
https://notcve.org/view.php?id=CVE-2019-15313
In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persistent XSS vulnerability.
• https://bugzilla.zimbra.com/show_bug.cgi?id=109141
• https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-9621 – Zimbra < 8.8.11 - XML External Entity Injection / Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2019-9621
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.11 patch 3 allows SSRF via the ProxyServlet component. Zimbra versions prior to 8.8.1 suffer from XML external entity injection and server-side request forgery vulnerabilities.
• https://www.exploit-db.com/exploits/46967
• https://www.exploit-db.com/exploits/46693
• http://packetstormsecurity.com/files/152487/Zimbra-Collaboration-Autodiscover-Servlet-XXE-ProxyServlet-SSRF.html
• http://packetstormsecurity.com/files/153190/Zimbra-XML-Injection-Server-Side-Request-Forgery.html
• http://www.rapid7.com/db/modules/exploit/linux/http/zimbra_xxe_rce
• https://blog.tint0.com/2019/03/a-saga-of-code-executions-on-zimbra.html
• https://blog.zimbra.com/2019/03/9826
• https://bugzilla.zimbra.
• CWE-918: Server-Side Request Forgery (SSRF)