Vulnerabilities > Zimbra > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-06 | CVE-2023-34192 | Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15 Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function. | 9.0 |
| 2023-07-06 | CVE-2023-29382 | Unspecified vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component. | 9.8 |
| 2023-07-06 | CVE-2023-29381 | Unspecified vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters. | 9.8 |
| 2022-09-26 | CVE-2022-41352 | Path Traversal vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. | 9.8 |
| 2022-08-12 | CVE-2022-37042 | Path Traversal vulnerability in Zimbra Collaboration 8.8.15/9.0.0 Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. | 9.8 |
| 2022-07-11 | CVE-2022-32294 | Incorrect Authorization vulnerability in Zimbra Collaboration 8.8.15 Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). | 9.8 |
| 2013-12-26 | CVE-2013-7217 | Security vulnerability in Zimbra Collaboration Server Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and earlier, and 8.0.x through 8.0.5, has "critical" impact and unspecified vectors, a different vulnerability than CVE-2013-7091. | 10.0 |