Vulnerabilities > Zimbra > Collaboration > 8.7.11
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-02 | CVE-2024-45519 | Unspecified vulnerability in Zimbra Collaboration The postjournal service in Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1 sometimes allows unauthenticated users to execute commands. | 9.8 |
| 2024-02-13 | CVE-2023-50808 | Cross-site Scripting vulnerability in Zimbra Collaboration Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI. | 6.1 |
| 2023-12-07 | CVE-2023-43102 | Cross-site Scripting vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. | 6.1 |
| 2023-12-07 | CVE-2023-43103 | Cross-site Scripting vulnerability in Zimbra Collaboration An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. | 6.1 |
| 2023-12-07 | CVE-2023-41106 | Unspecified vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. | 7.5 |
| 2022-08-16 | CVE-2022-37393 | Unspecified vulnerability in Zimbra Collaboration Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. | 7.8 |
| 2021-07-02 | CVE-2021-34807 | Open Redirect vulnerability in Zimbra Collaboration An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. | 6.1 |