Vulnerabilities > Zimbra

DATE CVE VULNERABILITY TITLE RISK
2023-06-15 CVE-2023-24030 Open Redirect vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15.
network
low complexity
zimbra CWE-601
6.1
6.1
2023-06-15 CVE-2023-24031 Cross-site Scripting vulnerability in Zimbra Collaboration 9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15.
network
low complexity
zimbra CWE-79
6.1
6.1
2023-06-15 CVE-2023-24032 Command Injection vulnerability in Zimbra Collaboration 8.8.15/9.0.0
In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).
local
low complexity
zimbra CWE-77
7.8
7.8
2023-01-06 CVE-2022-45911 Cross-site Scripting vulnerability in Zimbra Collaboration 9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 9.0.
network
low complexity
zimbra CWE-79
6.1
6.1
2023-01-06 CVE-2022-45913 Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 9.0.
network
low complexity
zimbra CWE-79
6.1
6.1
2022-12-05 CVE-2022-45912 Unrestricted Upload of File with Dangerous Type vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0.
network
low complexity
zimbra CWE-434
7.2
7.2
2022-10-12 CVE-2022-41348 Cross-site Scripting vulnerability in Zimbra Collaboration 9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 9.0.
network
low complexity
zimbra CWE-79
6.1
6.1
2022-10-12 CVE-2022-41349 Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15
In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS.
network
low complexity
zimbra CWE-79
6.1
6.1
2022-10-12 CVE-2022-41350 Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15
In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS.
network
low complexity
zimbra CWE-79
6.1
6.1
2022-10-12 CVE-2022-41351 Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15
In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string (instead of default value of 10).
network
low complexity
zimbra CWE-79
6.1
6.1