19 matches found
Zimbra - Cross-Site Scripting via ICS Files
Detects Zimbra Collaboration Suite versions vulnerable to CVE-2025-27915, a stored XSS vulnerability in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an email with a malicious ICS entry, embedded JavaScript executes via an ontoggle event...
CVE-2026-27915 Windows UPnP Device Host Elevation of Privilege Vulnerability
...
About Cross Site Scripting – Zimbra Collaboration (CVE-2025-27915) vulnerability
About Cross Site Scripting - Zimbra Collaboration CVE-2025-27915 vulnerability. Zimbra Collaboration is a collaboration software suite, somewhat similar to Microsoft Exchange. Exploiting this vulnerability in the web mail client Classic Web Client allows an unauthenticated attacker to execute...
CVE-2024-27915
Sulu is a PHP content management system. Starting in version 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. The...
CVE-2023-27915
A maliciously crafted XB file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...
CVE-2025-27915
The CVE-2025-27915 issue affects Zimbra Collaboration (ZCS) Classic Web Client, where insufficient sanitization of HTML in ICS files enables stored XSS when viewing an email with a crafted ICS entry. The underlying flaw allows embedded JavaScript to execute via an ontoggle event inside a tag, en...
CVE-2021-27915
| creationtimestamp | type | source |
|---|---|---|
| 2024-09-17 17:16:58+00:00 | seen | https://t.me/cvedetector/5816 |

...
CVE-2021-27915
Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system...
CVE-2021-27915
Prior to the patched version, there is an XSS vulnerability in the description fields within the Mautic application which could be exploited by a logged in user of Mautic with the appropriate permissions. This could lead to the user having elevated access to the system...
CVE-2024-27915
| creationtimestamp | type | source |
|---|---|---|
| 2024-03-06 21:26:09+00:00 | seen | https://t.me/ctinow/201824 |
| 2024-03-06 21:26:22+00:00 | seen | https://t.me/ctinow/201835 |

...
CVE-2024-27915 Sulu grants access to pages regardless of role permissions
Sulu is a PHP content management system. Starting in version 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. The...
CVE-2024-27915
CVE-2024-27915 (Sulu) affects Sulu CMS (PHP). Versions 2.2.0 through before 2.4.17 and 2.5.13 allow access to pages regardless of role permissions for webspaces with security and permission checks enabled; webspaces without security are not affected. The issue is patched in 2.4.17 and 2.5.13. Mit...
CVE-2023-27915
| creationtimestamp | type | source |
|---|---|---|
| 2023-04-14 22:25:58+00:00 | seen | https://t.me/cibsecurity/62171 |
| 2024-01-03 15:59:37+00:00 | seen | https://t.me/arpsyndicate/2328 |

...
CVE-2023-27915
CVE-2023-27915 affects Autodesk AutoCAD 2023 via a crafted X_B file that triggers a memory corruption (read access violation) in parsing, potentially enabling code execution in the current process. The vulnerability is tied to how X_B data is parsed and is supported by multiple feeds, including R...
CVE-2023-27915
A maliciously crafted XB file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process...
CVE-2022-27915
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none...
CVE-2020-27915
CVE-2020-27915 is a memory corruption issue in macOS components addressed by Apple in macOS Big Sur 11.1, Catalina 10.15.7 Security Update 2020-001, Mojave 10.14.6 Security Update 2020-007, and Big Sur 11.0.1. Apple states a malicious application may execute arbitrary code with system privileges ...
About the security content of macOS Big Sur 11.0.1
About the security content of macOS Big Sur 11.0.1 This document describes the security content of macOS Big Sur 11.0.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
CVE-2022-27915
CVE-2022-27915 is a rejected/not-used entry and does not represent an active vulnerability.