Vulnerabilities (CVE)

Filtered by vendor Zimbra Subscribe
Filtered by product Collaboration
Total 42 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-35208 1 Zimbra 1 Collaboration 2024-02-04 3.5 LOW 5.4 MEDIUM
An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document.
CVE-2020-35123 1 Zimbra 1 Collaboration 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. This has been fixed in Zimbra Collaboration Suite Network edition 9.0.0 Patch 10 and 8.8.15 Patch 17.