Lucene search

Zimbra Security Vulnerabilities

cve

CVE-2012-1213

Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter.

5.9AI Score

0.013EPSS

2012-02-24 01:55 PM

cve

CVE-2013-1938

Zimbra 2013 has XSS in aspell.php

6.1CVSS

6AI Score

0.024EPSS

2020-02-12 04:15 PM

cve

CVE-2020-11737

A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring (including the quotes) followe...

6.1CVSS

5.9AI Score

0.002EPSS

2020-05-05 03:15 PM

cve

CVE-2023-37580

Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.

6.1CVSS

6.2AI Score

0.313EPSS

2023-07-31 04:15 PM

356

In Wild

cve

CVE-2023-38750

In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed.

7.5CVSS

7.5AI Score

0.001EPSS

2023-07-31 04:15 PM