Vulnerabilities > Zimbra
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-02 | CVE-2017-20188 | Cross-site Scripting vulnerability in Zimbra Zm-Ajax A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and classified as problematic. | 4.7 |
2023-12-07 | CVE-2023-43102 | Cross-site Scripting vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. | 6.1 |
2023-12-07 | CVE-2023-43103 | Cross-site Scripting vulnerability in Zimbra Collaboration An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. | 6.1 |
2023-12-07 | CVE-2023-41106 | Unspecified vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. | 7.5 |
2023-07-31 | CVE-2023-37580 | Cross-site Scripting vulnerability in Zimbra Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. | 6.1 |
2023-07-31 | CVE-2023-38750 | Unspecified vulnerability in Zimbra In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed. | 7.5 |
2023-07-06 | CVE-2023-29381 | Unspecified vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters. | 9.8 |
2023-07-06 | CVE-2023-29382 | Unspecified vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component. | 9.8 |
2023-07-06 | CVE-2023-34192 | Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15 Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function. | 9.0 |
2023-07-06 | CVE-2023-34193 | Unrestricted Upload of File with Dangerous Type vulnerability in Zimbra Collaboration 8.8.15 File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function. | 8.8 |