Vulnerabilities > Zimbra > Collaboration
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-13 | CVE-2023-45207 | Cross-site Scripting vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. | 6.1 |
| 2024-02-13 | CVE-2023-48432 | Cross-site Scripting vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. | 6.1 |
| 2023-12-07 | CVE-2023-43102 | Cross-site Scripting vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. | 6.1 |
| 2023-12-07 | CVE-2023-43103 | Cross-site Scripting vulnerability in Zimbra Collaboration An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. | 6.1 |
| 2023-12-07 | CVE-2023-41106 | Unspecified vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. | 7.5 |
| 2023-07-06 | CVE-2023-29381 | Unspecified vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters. | 9.8 |
| 2023-07-06 | CVE-2023-29382 | Unspecified vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component. | 9.8 |
| 2023-07-06 | CVE-2023-34192 | Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15 Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function. | 9.0 |
| 2023-07-06 | CVE-2023-34193 | Unrestricted Upload of File with Dangerous Type vulnerability in Zimbra Collaboration 8.8.15 File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function. | 8.8 |
| 2023-06-15 | CVE-2023-24030 | Open Redirect vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. | 6.1 |