Vulnerabilities > Zimbra > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-02 CVE-2017-20188 Cross-site Scripting vulnerability in Zimbra Zm-Ajax
A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and classified as problematic.
network
high complexity
zimbra CWE-79
4.7
2023-12-07 CVE-2023-43102 Cross-site Scripting vulnerability in Zimbra Collaboration
An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4.
network
low complexity
zimbra CWE-79
6.1
2023-12-07 CVE-2023-43103 Cross-site Scripting vulnerability in Zimbra Collaboration
An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter.
network
low complexity
zimbra CWE-79
6.1
2023-07-31 CVE-2023-37580 Cross-site Scripting vulnerability in Zimbra
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
network
low complexity
zimbra CWE-79
6.1
2023-06-15 CVE-2023-24030 Open Redirect vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15.
network
low complexity
zimbra CWE-601
6.1
2023-06-15 CVE-2023-24031 Cross-site Scripting vulnerability in Zimbra Collaboration 9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15.
network
low complexity
zimbra CWE-79
6.1
2023-01-06 CVE-2022-45911 Cross-site Scripting vulnerability in Zimbra Collaboration 9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 9.0.
network
low complexity
zimbra CWE-79
6.1
2023-01-06 CVE-2022-45913 Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15/9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 9.0.
network
low complexity
zimbra CWE-79
6.1
2022-10-12 CVE-2022-41348 Cross-site Scripting vulnerability in Zimbra Collaboration 9.0.0
An issue was discovered in Zimbra Collaboration (ZCS) 9.0.
network
low complexity
zimbra CWE-79
6.1
2022-10-12 CVE-2022-41349 Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15
In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/compose accepts an attachUrl parameter that is vulnerable to Reflected XSS.
network
low complexity
zimbra CWE-79
6.1