XXE Vulnerability in ZxChat (ZeXtras Chat) in Synacor Zimbra Collaboration Suite

XXE Vulnerability in ZxChat (ZeXtras Chat) in Synacor Zimbra Collaboration Suite

CVE-2018-20160 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

ZxChat (aka ZeXtras Chat), as used for zimbra-chat and zimbra-talk in Synacor Zimbra Collaboration Suite 8.7 and 8.8 and in other products, allows XXE attacks, as demonstrated by a crafted XML request to mailboxd.

Learn more about our Web Application Penetration Testing UK.