Vulnerabilities > Zimbra

DATE CVE VULNERABILITY TITLE RISK
2022-12-05 CVE-2022-45912 Unrestricted Upload of File with Dangerous Type vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0.
network
low complexity
zimbra CWE-434
7.2
2022-10-12 CVE-2022-41348 Cross-site Scripting vulnerability in Zimbra Collaboration 9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 9.0.
network
low complexity
zimbra CWE-79
6.1
2022-10-12 CVE-2022-41349 Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15
In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS.
network
low complexity
zimbra CWE-79
6.1
2022-10-12 CVE-2022-41350 Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15
In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS.
network
low complexity
zimbra CWE-79
6.1
2022-10-12 CVE-2022-41351 Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15
In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string (instead of default value of 10).
network
low complexity
zimbra CWE-79
6.1
2022-09-26 CVE-2022-41347 Unspecified vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15).
local
low complexity
zimbra
7.8
2022-09-26 CVE-2022-41352 Unrestricted Upload of File with Dangerous Type vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0.
network
low complexity
zimbra CWE-434
critical
9.8
2022-08-12 CVE-2022-37042 Improper Authentication vulnerability in Zimbra Collaboration 8.8.15/9.0.0
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it.
network
low complexity
zimbra CWE-287
critical
9.8
2022-07-11 CVE-2022-32294 Incorrect Authorization vulnerability in Zimbra Collaboration 8.8.15
Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command).
network
low complexity
zimbra CWE-863
7.5
2022-04-21 CVE-2022-27924 Injection vulnerability in Zimbra Collaboration 8.8.15/9.0.0
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance.
network
low complexity
zimbra CWE-74
5.0