RSS   Vulnerabilities for 'Webaccess'   RSS

2019-04-11
 
CVE-2019-7219

CWE-79
 

 
Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.

 
2014-10-20
 
CVE-2014-5449

 

 
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.

 

 >>> Vendor: Zarafa 4 Products
Zarafa
Webapp
Webaccess
Zarafa collaboration platform


Copyright 2019, cxsecurity.com

 

Back to Top