Vulnerabilities (CVE)

Filtered by vendor Zarafa Subscribe
Filtered by product Webaccess
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-7219 1 Zarafa 1 Webaccess 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
CVE-2014-5449 1 Zarafa 2 Webaccess, Webapp 2024-11-21 2.1 LOW N/A
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.