Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) prior to 8.6.0 Patch 10, 8.7.x prior to 8.7.11 Patch 2, and 8.8.x prior to 8.8.8 Patch 1 allows remote malicious users to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zimbra zimbra collaboration suite 8.6.0 |
||
synacor zimbra collaboration suite 8.6.0 |
||
synacor zimbra collaboration suite |
||
synacor zimbra collaboration suite 8.7.11 |