Vulnerability Report

CVE-2016-3407

Title: Synacor Zimbra Collaboration Suite Cross-Site Scripting (XSS)

XSS

Proof Of Concept

No public PoC currently indexed for CVE-2016-3407.

CWE Category CWE-79

Published Date Jan 18, 2017

Modified Date May 13, 2026

Exploit Status Not Found

Score 6.1 CVSS v3.0

Exploit Probability (EPSS)

0.36%

Vulnerability Summary

CVE-2016-3407: Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910, 105071, and 105175.

Impacted Vendors

synacor 1

zimbra 1

Reference Links

http://www.securityfocus.com/bid/95897 https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories http://www.securityfocus.com/bid/95897 https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories

CVSS v3.0

Source Entity [email protected]

Severity MEDIUM

6.1

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

REQUIRED

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

CHANGED

RAW VECTOR CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2.0

Source Entity [email protected]

Severity MEDIUM

4.3

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:M/Au:N/C:N/I:P/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns