Vulnerabilities > Zimbra > Collaboration > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-12 | CVE-2024-27443 | Cross-site Scripting vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. | 6.1 |
| 2024-08-12 | CVE-2024-33533 | Cross-site Scripting vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. | 5.4 |
| 2024-08-12 | CVE-2024-33536 | Cross-site Scripting vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. | 5.4 |
| 2024-02-13 | CVE-2023-50808 | Cross-site Scripting vulnerability in Zimbra Collaboration Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI. | 6.1 |
| 2024-02-13 | CVE-2023-26562 | Missing Authorization vulnerability in Zimbra Collaboration 8.8.15/9.0.0 In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured for Imap/smtp. | 6.5 |
| 2024-02-13 | CVE-2023-45206 | Cross-site Scripting vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. | 6.1 |
| 2024-02-13 | CVE-2023-45207 | Cross-site Scripting vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. | 6.1 |
| 2024-02-13 | CVE-2023-48432 | Cross-site Scripting vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. | 6.1 |
| 2023-12-07 | CVE-2023-43102 | Cross-site Scripting vulnerability in Zimbra Collaboration An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. | 6.1 |
| 2023-12-07 | CVE-2023-43103 | Cross-site Scripting vulnerability in Zimbra Collaboration An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. | 6.1 |