Vulnerabilities > Zimbra > Zimbra
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-07-31 | CVE-2023-37580 | Cross-site Scripting vulnerability in Zimbra Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. | 6.1 |
| 2023-07-31 | CVE-2023-38750 | Unspecified vulnerability in Zimbra In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed. | 7.5 |
| 2020-05-05 | CVE-2020-11737 | Cross-site Scripting vulnerability in Zimbra 9.0.0 A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. | 4.3 |
| 2020-02-12 | CVE-2013-1938 | Cross-site Scripting vulnerability in Zimbra 2013 Zimbra 2013 has XSS in aspell.php | 4.3 |
| 2012-02-24 | CVE-2012-1213 | Cross-Site Scripting vulnerability in Zimbra Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter. | 4.3 |