Vulnerabilities > Zimbra > Collaboration

DATE CVE VULNERABILITY TITLE RISK
2023-01-06 CVE-2022-45911 Cross-site Scripting vulnerability in Zimbra Collaboration 9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 9.0.
network
low complexity
zimbra CWE-79
6.1
6.1
2023-01-06 CVE-2022-45913 Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 9.0.
network
low complexity
zimbra CWE-79
6.1
6.1
2022-12-05 CVE-2022-45912 Unrestricted Upload of File with Dangerous Type vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0.
network
low complexity
zimbra CWE-434
7.2
7.2
2022-10-12 CVE-2022-41348 Cross-site Scripting vulnerability in Zimbra Collaboration 9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 9.0.
network
low complexity
zimbra CWE-79
6.1
6.1
2022-10-12 CVE-2022-41349 Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15
In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS.
network
low complexity
zimbra CWE-79
6.1
6.1
2022-10-12 CVE-2022-41350 Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15
In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS.
network
low complexity
zimbra CWE-79
6.1
6.1
2022-10-12 CVE-2022-41351 Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15
In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string (instead of default value of 10).
network
low complexity
zimbra CWE-79
6.1
6.1
2022-09-26 CVE-2022-41347 Unspecified vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15).
local
low complexity
zimbra
7.8
7.8
2022-09-26 CVE-2022-41352 Path Traversal vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0.
network
low complexity
zimbra CWE-22
critical
 9.8
9.8
2022-08-12 CVE-2022-37042 Path Traversal vulnerability in Zimbra Collaboration 8.8.15/9.0.0
Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it.
network
low complexity
zimbra CWE-22
critical
 9.8
9.8