Vulnerabilities > Zimbra
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-12 | CVE-2022-41350 | Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15 In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. | 6.1 |
| 2022-10-12 | CVE-2022-41351 | Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15 In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string (instead of default value of 10). | 6.1 |
| 2022-09-26 | CVE-2022-41347 | Unspecified vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue was discovered in Zimbra Collaboration (ZCS) 8.8.x and 9.x (e.g., 8.8.15). | 7.8 |
| 2022-09-26 | CVE-2022-41352 | Path Traversal vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. | 9.8 |
| 2022-08-16 | CVE-2022-37393 | Unspecified vulnerability in Zimbra Collaboration Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. | 7.8 |
| 2022-08-12 | CVE-2022-37041 | Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. | 7.5 |
| 2022-08-12 | CVE-2022-37042 | Path Traversal vulnerability in Zimbra Collaboration 8.8.15/9.0.0 Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. | 9.8 |
| 2022-08-12 | CVE-2022-37043 | Cross-Site Request Forgery (CSRF) vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. | 5.7 |
| 2022-08-12 | CVE-2022-37044 | Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15 In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine. | 6.1 |
| 2022-07-11 | CVE-2022-32294 | Incorrect Authorization vulnerability in Zimbra Collaboration 8.8.15 Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). | 9.8 |