2 matches found
CVE-2026-33372
An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A cross-site request forgery CSRF vulnerability exists in Zimbra Webmail due to improper validation of CSRF tokens. The application accepts CSRF tokens supplied within the request body instead of requiring them through the expecte...
CVE-2025-32354
In Zimbra Collaboration ZCS 9.0 through 10.1, a Cross-Site Request Forgery CSRF vulnerability exists in the GraphQL endpoint /service/extension/graphql of Zimbra webmail due to a lack of CSRF token validation. This allows attackers to perform unauthorized GraphQL operations, such as modifying...