CVE-2025-71275

Zimbra Collaboration Suite ZCS PostJournal service version 8.8.15 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by exploiting improper sanitization of the RCPT TO parameter via SMTP injection. Attackers can inject shell...

PT-2026-27441

Name of the Vulnerable Software and Affected Versions Zimbra Collaboration Suite ZCS version 8.8.15 Description A security issue exists in the Zimbra Collaboration Suite ZCS PostJournal service that allows unauthenticated attackers to execute arbitrary system commands. This is possible due to...

CVE-2020-7796

Zimbra Collaboration Suite ZCS before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled...

Linux Distros Unpatched Vulnerability : CVE-2021-45101

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in HTCondor before 8.8.15, 9.0.x before 9.0.4, and 9.1.x before 9.1.2. Using standard command-line tools, a user with only READ access t...

CVE-2023-37580

Zimbra Collaboration ZCS 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client...

CVE-2022-41351

In Zimbra Collaboration Suite ZCS 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string instead of default value of 10...

Zimbra Collaboration Suite 安全漏洞

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Zimbra. The product includes WebMail, Calendar, Address Book and more. A security vulnerability exists in Zimbra Collaboration Suite version 8.8.15, which stems from mishandling of user-supplied input, allowing an attacker ...

PT-2024-7919 · Zimbra · Zimbra Collaboration Suite

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite version 8.8.15 Description: A reflected Cross-Site Scripting XSS issue has been identified, arising from improper handling of user-supplied input. This allows an attacker to inject malicious code that is reflected...

Synacor Zimbra Collaboration Server 跨站脚本漏洞

Synacor Zimbra Collaboration Server ZCS is a suite of email and collaboration solutions from Synacor, USA. The solution provides email, contacts, calendar, file sharing, social networking, and other features. A security vulnerability exists in Synacor Zimbra Collaboration Server version v.8.8.15,...

PT-2023-24728 · Zimbra · Zimbra Zcs

Name of the Vulnerable Software and Affected Versions: Zimbra ZCS version 8.8.15 Description: The issue is a Cross Site Scripting vulnerability that allows a remote authenticated attacker to execute arbitrary code via a crafted script to the "/h/autoSaveDraft" function. This vulnerability is...

Zimbra Collaboration Server 安全漏洞

Synacor Zimbra Collaboration Server ZCS is a suite of email and collaboration solutions from Synacor, USA. The solution provides email, contacts, calendaring, file sharing, social networking, and other features. A security vulnerability exists in Zimbra Collaboration Server versions v.8.8.15 and...

CVE-2023-29382

An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdcpreauth.jsp component...

PT-2022-25821 · Zimbra · Zimbra Collaboration Suite

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite version 8.8.15 Description: The issue concerns a Reflected XSS vulnerability. It is related to the URL at "/h/compose" which accepts an attachUrl parameter. This allows for the execution of arbitrary JavaScript on t...

Zimbra Collaboration Suite 跨站脚本漏洞

Synacor Zimbra Collaboration Suite ZCS is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A cross-site scripting vulnerability exists in Zimbra Collaboration Suite version 8.8.15, which stems from the lack of effective filtering...

Zimbra Collaboration Suite 路径遍历漏洞

Zimbra Collaboration Suite ZCS is an open source collaborative office suite. The product includes WebMail, Calendar, Address Book, etc. A security vulnerability exists in Zimbra Collaboration Suite ZCS versions 8.8.15 and 9.0, which stems from a lack of valid authentication of uploaded files by t...

Zimbra Collaboration Suite 路径遍历漏洞

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Zimbra in the United States. The product includes WebMail, Calendar, Address Book and more. A path traversal vulnerability exists in Zimbra Collaboration Suite version 8.8.15, 9.0. An attacker can exploit this vulnerability...

Zimbra Collaboration Suite 跨站脚本漏洞

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A cross-site scripting vulnerability exists in Zimbra Collaboration Suite ZCS version 8.8.15. An attacker could exploit this vulnerability to...

Zimbra Collaboration Suite 路径遍历漏洞

Zimbra Collaboration aka ZCS versions 8.8.15 and 9.0 are vulnerable to a file upload vulnerability that stems from a lack of valid authentication of uploaded files by the application. An authenticated attacker with administrator privileges could exploit the vulnerability to be able to upload...

Zero-day vulnerability in Zimbra Servers being exploited-in-the-wild

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here A zero-day cross-site scripting XSS vulnerability has been discovered in the Zimbra email software. A threat actor is taking advantage of this issue by launching a targeted spear-phishing attack named Operation EmailThief. Two...

Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users

A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021. The espionage operation — codenamed "EmailThief" — was detailed by cybersecurity compa...