CVE-2018-14013
MEDIUM NUCLEI
Synacor Zimbra Collaboration Suite <8.8.11 - XSS
Title source: llm
Exploitation Summary
CVE-2018-14013 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Synacor Zimbra Collaboration Suite before 8.8.11 has XSS in the AJAX and HTML web clients.
Nuclei Templates (1)
Synacor Zimbra Collaboration Suite Collaboration <8.8.11 - Cross-Site Scripting
MEDIUM
by pikpikcu
Shodan:
http.title:"zimbra collaboration suite" || http.title:"zimbra web client sign in"
FOFA:
title="zimbra web client sign in" || title="zimbra collaboration suite"
References (7)
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/151472/Zimbra-Collaboration-Cross-Site-Scripting.html
Exploit, Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2019/Feb/3
Exploit, Mailing List x_refsource_misc
http://www.openwall.com/lists/oss-security/2019/01/30/1
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/106787
Vendor Advisory x_refsource_misc
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.zimbra.com/show_bug.cgi?id=109018
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.zimbra.com/show_bug.cgi?id=109017
Scores
CVSS v3
6.1
EPSS
0.0738
EPSS Percentile
93.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (5)
synacor/zimbra_collaboration_suite
8.7.11 (7 CPE variants)
synacor/zimbra_collaboration_suite
8.8.9 (7 CPE variants)
synacor/zimbra_collaboration_suite
8.8.10 (4 CPE variants)
synacor/zimbra_collaboration_suite
8.8.11
synacor/zimbra_collaboration_suite
< 8.7.11
Published
May 29, 2019
Tracked Since
Feb 18, 2026