Vulnerabilities > Zimbra > Collaboration

DATE CVE VULNERABILITY TITLE RISK
2023-12-07 CVE-2023-43102 Cross-site Scripting vulnerability in Zimbra Collaboration
An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4.
network
low complexity
zimbra CWE-79
6.1
6.1
2023-12-07 CVE-2023-43103 Cross-site Scripting vulnerability in Zimbra Collaboration
An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter.
network
low complexity
zimbra CWE-79
6.1
6.1
2023-12-07 CVE-2023-41106 Unspecified vulnerability in Zimbra Collaboration
An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3.
network
low complexity
zimbra
7.5
7.5
2023-07-06 CVE-2023-29381 Unspecified vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters.
network
low complexity
zimbra
critical
 9.8
9.8
2023-07-06 CVE-2023-29382 Unspecified vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.
network
low complexity
zimbra
critical
 9.8
9.8
2023-07-06 CVE-2023-34192 Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.
network
low complexity
zimbra CWE-79
critical
 9.0
9.0
2023-07-06 CVE-2023-34193 Unrestricted Upload of File with Dangerous Type vulnerability in Zimbra Collaboration 8.8.15
File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function.
network
low complexity
zimbra CWE-434
8.8
8.8
2023-06-15 CVE-2023-24030 Open Redirect vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15.
network
low complexity
zimbra CWE-601
6.1
6.1
2023-06-15 CVE-2023-24031 Cross-site Scripting vulnerability in Zimbra Collaboration 9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15.
network
low complexity
zimbra CWE-79
6.1
6.1
2023-06-15 CVE-2023-24032 Command Injection vulnerability in Zimbra Collaboration 8.8.15/9.0.0
In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).
local
low complexity
zimbra CWE-77
7.8
7.8