First published: Mon Jan 27 2020(Updated: )
Zimbra Collaboration before 8.6.0 patch5 has XSS.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Synacor Zimbra Collaboration Server | <=8.5.1 | |
Synacor Zimbra Collaboration Server | =8.6.0 | |
Synacor Zimbra Collaboration Server | =8.6.0-patch1 | |
Synacor Zimbra Collaboration Server | =8.6.0-patch2 | |
Synacor Zimbra Collaboration Server | =8.6.0-patch3 | |
Synacor Zimbra Collaboration Server | =8.6.0-patch4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2015-2249.
CVE-2015-2249 has a severity rating of medium (5.4).
Zimbra Collaboration Server versions 8.5.1 up to and including 8.6.0 patch4 are affected by CVE-2015-2249.
The CWE ID of CVE-2015-2249 is CWE-79 (Cross-Site Scripting).
To fix CVE-2015-2249, it is recommended to upgrade to Zimbra Collaboration Server version 8.6.0 patch5 or later.