Multiple vulnerabilities in Zimbra, including spoofing, XSS, DoS, and security restriction bypass, could be exploited by a remote attacker to compromise the targeted system. The affected versions are Zimbra Daffodil prior to 10.1.16. The vendor has released fixes in version 10.1.16, which should be applied immediately.
Multiple vulnerabilities were identified in Zimbra. A remote attacker could exploit some of these vulnerabilities to trigger spoofing, cross-site scripting, denial of service condition, sensitive information disclosure, security restriction bypass and data manipulation on the targeted system. Impact Security Restriction Bypass Spoofing Denial of Service Data Manipulation Information Disclosure Cross-Site Scripting System / Technologies affected Zimbra Daffodil prior to 10.1.16 Solutions Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor: https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.16#Security_Fixes