Vulnerabilities > Zimbra

DATE CVE VULNERABILITY TITLE RISK
2024-02-13 CVE-2023-45207 Cross-site Scripting vulnerability in Zimbra Collaboration
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0.
network
low complexity
zimbra CWE-79
6.1
6.1
2024-02-13 CVE-2023-48432 Cross-site Scripting vulnerability in Zimbra Collaboration
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0.
network
low complexity
zimbra CWE-79
6.1
6.1
2024-01-02 CVE-2017-20188 Cross-site Scripting vulnerability in Zimbra Zm-Ajax
A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and classified as problematic.
network
high complexity
zimbra CWE-79
4.7
4.7
2023-12-07 CVE-2023-43102 Cross-site Scripting vulnerability in Zimbra Collaboration
An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4.
network
low complexity
zimbra CWE-79
6.1
6.1
2023-12-07 CVE-2023-43103 Cross-site Scripting vulnerability in Zimbra Collaboration
An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter.
network
low complexity
zimbra CWE-79
6.1
6.1
2023-12-07 CVE-2023-41106 Unspecified vulnerability in Zimbra Collaboration
An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3.
network
low complexity
zimbra
7.5
7.5
2023-07-31 CVE-2023-37580 Cross-site Scripting vulnerability in Zimbra
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
network
low complexity
zimbra CWE-79
6.1
6.1
2023-07-31 CVE-2023-38750 Unspecified vulnerability in Zimbra
In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed.
network
low complexity
zimbra
7.5
7.5
2023-07-06 CVE-2023-29381 Unspecified vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters.
network
low complexity
zimbra
critical
 9.8
9.8
2023-07-06 CVE-2023-29382 Unspecified vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.
network
low complexity
zimbra
critical
 9.8
9.8