Synacor Zimbra Collaboration Suite

84 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-33373
>= 10.0.0 and < 10.0.18
An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A Cross-Site Request Forgery (CSRF) vulnerability exists in Z
8.8 HIGH
CVE-2026-33372
>= 10.0.0 and < 10.1.16
An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A cross-site request forgery (CSRF) vulnerability exists in Z
5.4 MEDIUM
CVE-2026-33371
>= 10.0.0 and < 10.1.16
An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists in the Zimb
4.3 MEDIUM
CVE-2026-33370
>= 10.0.0 and < 10.1.16
An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in t
6.1 MEDIUM
CVE-2026-33369
>= 10.0.0 and < 10.1.16
Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderActio
4.3 MEDIUM
CVE-2026-33368
>= 10.0.0 and < 10.1.16
Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 contains a reflected cross-site scripting (XSS) vulnerability in the Classic Webmai
6.1 MEDIUM
CVE-2025-66376
>= 10.0.0 and < 10.0.18
Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS)
7.2 HIGH
CVE-2025-68645
>= 10.0.0 and < 10.0.18
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of
8.8 HIGH
CVE-2025-48700
>= 10.0.0 and < 10.0.12
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability
6.1 MEDIUM
CVE-2024-45516
>= 10.0.0 and < 10.0.12
An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Patch 43, 10.0.x before 10.0.12, 10.1.x before 10.1.4, and 8.8.
6.1 MEDIUM
CVE-2025-32354
>= 9.0.0 and < 10.1.4
In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint (
8.8 HIGH
CVE-2025-27915
>= 10.0.0 and < 10.0.13
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exi
5.4 MEDIUM
CVE-2025-25065
< 9.0.0
SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before
5.3 MEDIUM
CVE-2025-25064
>= 10.0.0 and < 10.0.12
SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x befor
8.8 HIGH
CVE-2024-54663
>= 9.0.0 and < 10.0.11
An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Local File Inclusion (LFI
7.5 HIGH
CVE-2024-45517
< 8.8.15
An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability in the /h/rest endp
5.4 MEDIUM
CVE-2024-45513
< 9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A stored Cross-Site Scripting (XSS) vulnerability exists in th
4.8 MEDIUM
CVE-2024-45194
>= 10.0.0 and < 10.0.9
In Zimbra Collaboration (ZCS) 9.0 and 10.0, a vulnerability in the Webmail Modern UI allows execution of stored Cross-Site Scripti
4.8 MEDIUM
CVE-2024-45514
< 8.8.15
An issue was discovered in Zimbra Collaboration (ZCS) through v10.1. A Cross-Site Scripting (XSS) vulnerability exists in one of t
5.4 MEDIUM
CVE-2024-45512
< 9.0.0
An issue was discovered in webmail in Zimbra Collaboration (ZCS) through 10.1. An attacker can exploit this vulnerability by creat
5.4 MEDIUM
CVE-2024-45510
< 9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) through 10.0. Zimbra Webmail (Modern UI) is vulnerable to a stored Cross-Sit
5.4 MEDIUM
CVE-2024-45511
< 10.0.9
An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A reflected Cross-Site Scripting (XSS) issue exists through th
5.4 MEDIUM
CVE-2024-50599
all versions
A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Zimbra Collaboration Suite (ZCS) 8.8.15, affecting one
6.1 MEDIUM
CVE-2024-45519
< 8.8.15
The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1
10.0 CRITICAL
CVE-2023-37580
>= 8.8.0 and < 8.8.15
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
6.1 MEDIUM
CVE-2023-34192
all versions
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a c
9.0 CRITICAL
CVE-2022-3569
<= 9.0.0
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue
7.8 HIGH
CVE-2022-41352
all versions
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a
9.8 CRITICAL
CVE-2022-37042
all versions
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from i
9.8 CRITICAL
CVE-2022-27926
all versions
A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS
6.1 MEDIUM
CVE-2022-27925
all versions
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it.
7.2 HIGH
CVE-2022-27924
all versions
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targ
7.5 HIGH
CVE-2022-24682
>= 8.8.0 and < 8.8.15
An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploite
6.1 MEDIUM
CVE-2020-18985
all versions
An issue in /domain/service/.ewell-known/caldav of Zimbra Collaboration 8.8.12 allows attackers to redirect users to any arbitrary
6.1 MEDIUM
CVE-2020-18984
all versions
A reflected cross-site scripting (XSS) vulnerability in the zimbraAdmin/public/secureRequest.jsp component of Zimbra Collaboration
6.1 MEDIUM
CVE-2020-13653
< 8.8.15
An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite before 8.8.15 Patch 11. It allows an attacker t
6.1 MEDIUM
CVE-2020-12846
< 8.8.15
Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abu
8.0 HIGH
CVE-2020-8633
< 8.8.15
An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors revoked a shared calendar in Outl
5.3 MEDIUM
CVE-2020-7796
< 8.8.15
Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
9.8 CRITICAL
CVE-2015-7609
all versions
Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra.
6.1 MEDIUM
CVE-2018-14425
< 8.8.8
There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (
6.1 MEDIUM
CVE-2018-10948
<= 8.7.1
Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs.
4.8 MEDIUM
CVE-2018-15131
>= 8.7.0 and < 8.7.11
An issue was discovered in Synacor Zimbra Collaboration Suite 8.6.x before 8.6.0 Patch 11, 8.7.x before 8.7.11 Patch 6, 8.8.x befo
5.3 MEDIUM
CVE-2019-9670
>= 8.7.0 and < 8.7.11
mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnera
9.8 CRITICAL
CVE-2019-6981
>= 8.7.0 and < 8.7.11
Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component.
6.5 MEDIUM
CVE-2019-6980
>= 8.7.0 and < 8.7.11
Synacor Zimbra Collaboration Suite 8.7.x through 8.8.11 allows insecure object deserialization in the IMAP component.
9.8 CRITICAL
CVE-2018-20160
>= 8.7.0 and < 8.7.11
ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other
9.8 CRITICAL
CVE-2018-18631
>= 8.7.0 and < 8.7.11
mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persist
6.1 MEDIUM
CVE-2018-14013
< 8.7.11
Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients.
6.1 MEDIUM
CVE-2019-9621
< 8.6.0
Zimbra Collaboration Suite before 8.6 patch 13, 8.7.x before 8.7.11 patch 10, and 8.8.x before 8.8.10 patch 7 or 8.8.x before 8.8.
7.5 HIGH
CVE-2018-17938
< 8.8.10
Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value.
5.3 MEDIUM
CVE-2018-10939
>= 8.7.0 and <= 8.7.11
Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via
6.1 MEDIUM
CVE-2015-7610
>= 8.7.0 and <= 8.7.11
Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8
8.8 HIGH
CVE-2018-10951
>= 8.7.0 and <= 8.7.11
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows zimbraSSLPr
6.5 MEDIUM
CVE-2018-10950
>= 8.7.0 and < 8.7.11
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 before 8.6.0.Patch10 allows Information
5.3 MEDIUM
CVE-2018-10949
>= 8.7.0 and <= 8.7.11
mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveragin
5.3 MEDIUM
CVE-2018-6882
< 8.7.0
Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) b
6.1 MEDIUM
CVE-2017-8783
< 8.7.10
Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent XSS.
5.4 MEDIUM
CVE-2017-17703
< 8.8.3
Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS.
6.1 MEDIUM
CVE-2017-8802
<= 8.7.11
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.8.0 Beta2 might allow remote attackers t
5.4 MEDIUM
CVE-2017-7288
<= 8.7.0
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitr
6.1 MEDIUM
CVE-2017-6821
<= 8.7.5
Directory traversal vulnerability in Zimbra Collaboration Suite (aka ZCS) before 8.7.6 allows attackers to have unspecified impact
9.8 CRITICAL
CVE-2017-6813
<= 8.7.5
A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 fails to require needed privileges before performing a few req
9.8 CRITICAL
CVE-2016-3403
<= 8.6.0
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow
8.8 HIGH
CVE-2016-9924
<= 8.7.3
Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers to conduct XML External Entity (XXE) attacks.
9.8 CRITICAL
CVE-2016-4019
<= 8.6.0
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, ak
7.5 HIGH
CVE-2016-3999
<= 8.6.0
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrar
6.1 MEDIUM
CVE-2016-3415
<= 8.6.0
Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 1022
9.1 CRITICAL
CVE-2016-3414
<= 8.6.0
Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability vi
6.5 MEDIUM
CVE-2016-3413
<= 8.6.0
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, ak
7.5 HIGH
CVE-2016-3412
<= 8.6.0
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrar
6.1 MEDIUM
CVE-2016-3411
<= 8.6.0
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web scri
6.1 MEDIUM
CVE-2016-3410
<= 8.6.0
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrar
6.1 MEDIUM
CVE-2016-3409
<= 8.6.0
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web scri
6.1 MEDIUM
CVE-2016-3408
<= 8.6.0
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web scri
6.1 MEDIUM
CVE-2016-3407
<= 8.6.0
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrar
6.1 MEDIUM
CVE-2016-3406
<= 8.6.0
Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack t
8.8 HIGH
CVE-2016-3405
<= 8.6.0
Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to affect integrity via unknown v
7.5 HIGH
CVE-2016-3404
<= 8.6.0
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, ak
7.5 HIGH
CVE-2016-3402
<= 8.6.0
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vecto
7.5 HIGH
CVE-2016-3401
<= 8.6.0
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown v
6.5 MEDIUM
CVE-2013-7091
all versions
Directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2
CVE-2013-5119
<= 6.0.16
Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network an
CVE-2008-1226
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6, and possibly other versions
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin