Vulnerabilities > Zimbra > Collaboration
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-15 | CVE-2023-24031 | Cross-site Scripting vulnerability in Zimbra Collaboration 9.0.0 An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. | 6.1 |
| 2023-06-15 | CVE-2023-24032 | Command Injection vulnerability in Zimbra Collaboration 8.8.15/9.0.0 In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE). | 7.8 |
| 2023-01-06 | CVE-2022-45911 | Cross-site Scripting vulnerability in Zimbra Collaboration 9.0.0 An issue was discovered in Zimbra Collaboration (ZCS) 9.0. | 6.1 |
| 2023-01-06 | CVE-2022-45913 | Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue was discovered in Zimbra Collaboration (ZCS) 9.0. | 6.1 |
| 2022-12-05 | CVE-2022-45912 | Unrestricted Upload of File with Dangerous Type vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. | 7.2 |
| 2022-10-12 | CVE-2022-41348 | Cross-site Scripting vulnerability in Zimbra Collaboration 9.0.0 An issue was discovered in Zimbra Collaboration (ZCS) 9.0. | 6.1 |
| 2022-10-12 | CVE-2022-41349 | Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15 In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS. | 6.1 |
| 2022-10-12 | CVE-2022-41350 | Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15 In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. | 6.1 |
| 2022-10-12 | CVE-2022-41351 | Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15 In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string (instead of default value of 10). | 6.1 |
| 2022-09-26 | CVE-2022-41347 | Unspecified vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). | 7.8 |