CVE-2025-71275

Zimbra Collaboration Suite ZCS PostJournal service version 8.8.15 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by exploiting improper sanitization of the RCPT TO parameter via SMTP injection. Attackers can inject shell...

PT-2026-27441

Name of the Vulnerable Software and Affected Versions Zimbra Collaboration Suite ZCS version 8.8.15 Description A security issue exists in the Zimbra Collaboration Suite ZCS PostJournal service that allows unauthenticated attackers to execute arbitrary system commands. This is possible due to...

CVE-2020-7796

Zimbra Collaboration Suite ZCS before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled...

EUVD-2021-21853

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2021-45101

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access t...

CVE-2023-37580

Zimbra Collaboration ZCS 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client...

CVE-2023-24032

In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker who has initial user access to a Zimbra server instance can execute commands as root by passing one of JVM arguments, leading to local privilege escalation LPE...

CVE-2022-41351

In Zimbra Collaboration Suite ZCS 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string instead of default value of 10...

Zimbra Collaboration Suite 安全漏洞

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Zimbra. The product includes WebMail, Calendar, Address Book and more. A security vulnerability exists in Zimbra Collaboration Suite version 8.8.15, which stems from mishandling of user-supplied input, allowing an attacker ...

PT-2024-7919 · Zimbra · Zimbra Collaboration Suite

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite version 8.8.15 Description: A reflected Cross-Site Scripting XSS issue has been identified, arising from improper handling of user-supplied input. This allows an attacker to inject malicious code that is reflected...

Zimbra Collaboration Server 访问控制错误漏洞

Zimbra Collaboration Server ZCS is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A security vulnerability exists in Zimbra Collaboration Server that stems from a logging service that sometimes...

CVE-2023-45206

An issue was discovered in Zimbra Collaboration ZCS 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting XSS. Adding an adequate message to avoid malicious code will mitigate this issue...

PT-2024-13227 · Zimbra · Zimbra Collaboration

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions 8.8.15 through 10.0 Description: An issue was discovered in Zimbra Collaboration, where an attacker can inject JavaScript or HTML code through the help document endpoint in webmail, leading to cross-site...

Zimbra Collaboration Suite Security Vulnerability

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Zimbra in the United States. The product includes WebMail, Calendar, Address Book and more. A security vulnerability exists in Zimbra Collaboration ZCS versions 8.8.15, 9.0, and 10.0. An attacker can exploit the vulnerabili...

Zimbra Collaboration Suite Security Vulnerability

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Zimbra in the United States. The product includes WebMail, Calendar, Address Book and more. A security vulnerability exists in Zimbra Collaboration Suite versions 8.8.15, 9.0, and 10.0. An attacker exploited the vulnerabili...

Synacor Zimbra Security Vulnerability

Synacor Zimbra is an open source email collaboration platform from Synacor Inc. in the United States. A security vulnerability exists in Synacor Zimbra Collaboration ZCS versions 8.8.15, 9.0, and 10.0. An attacker can exploit the vulnerability to inject JavaScript or HTML code...

CVE-2023-43102

An issue was discovered in Zimbra Collaboration ZCS before 10.0.4. An XSS issue can be exploited to access the mailbox of an authenticated user. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36...

Vulnerabilities fixed in Zimbra

Zimbra has fixed vulnerabilities in Zimbra Collaboration. A malicious party can exploit the vulnerabilities to launch a Cross-Site Scripting XSS attack. Such an attack can lead to execution of arbitrary code in the browser of the victim, or access sensitive data in the context of the victim's...

CVE-2023-38750

In Zimbra Collaboration ZCS 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed...

Zimbra Fixes A Zero-Day Vulnerability Exploited in Attacks

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary The vulnerability CVE-2023-37580 in Zimbra Collaboration Suite ZCS version 8.8.15 is a Cross-Site Scripting XSS flaw in the Zimbra Classic Web Client interface. Its impact is severe as it can...