Vulnerabilities > Zimbra > Collaboration > 9.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-13 | CVE-2023-45207 | Cross-site Scripting vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. | 6.1 |
| 2024-02-13 | CVE-2023-48432 | Cross-site Scripting vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. | 6.1 |
| 2023-12-07 | CVE-2023-43102 | Cross-site Scripting vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. | 6.1 |
| 2023-12-07 | CVE-2023-43103 | Cross-site Scripting vulnerability in Zimbra Collaboration An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. | 6.1 |
| 2023-12-07 | CVE-2023-41106 | Unspecified vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. | 7.5 |
| 2023-07-06 | CVE-2023-29381 | Unspecified vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters. | 9.8 |
| 2023-07-06 | CVE-2023-29382 | Unspecified vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component. | 9.8 |
| 2023-06-15 | CVE-2023-24030 | Open Redirect vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. | 6.1 |
| 2023-06-15 | CVE-2023-24031 | Cross-site Scripting vulnerability in Zimbra Collaboration 9.0.0 An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. | 6.1 |
| 2023-06-15 | CVE-2023-24032 | Command Injection vulnerability in Zimbra Collaboration 8.8.15/9.0.0 In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE). | 7.8 |