CVE-2026-33373

An issue was discovered in Zimbra Collaboration ZCS 10.0 and 10.1. A Cross-Site Request Forgery CSRF vulnerability exists in Zimbra Web Client due to the issuance of authentication tokens without CSRF protection during certain account state transitions. Specifically, tokens generated after...

EUVD-2012-1239

Malware in sbrugna...

EUVD-2018-6342

Malware in sbrugna...

EUVD-2018-2991

Malware in sbrugna...

CVE-2018-14425

There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite ZCS Zimbra Web Client ZWC 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1...

CVE-2021-35207

An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginErrorCode...

CVE-2021-35207

An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginErrorCode...

PT-2021-20839 · Zimbra · Zimbra Web Client +1

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions 8.8.0 through 8.8.15 Patch 22 Zimbra Collaboration Suite versions 9.0.0 through 9.0.0 Patch 15 Description: A security issue exists in the login component of Zimbra Web Client, where an attacker can execute...

Zimbra Web Client Cross-Site Scripting Vulnerability

Zim is a graphical text editor for maintaining a collection of Wiki pages. A cross-site scripting vulnerability exists in Web Client in Zimbra version 9.0. The vulnerability originates when a web system or product performs an operation in memory without properly validating data boundaries,...

Zimbra Web Client (ZWC) Cross-Site Scripting Vulnerability

Zimbra Collaboration Suite ZCS is an open source collaboration suite from the American company Zimbra. The product includes WebMail, Calendar, Address Book, etc. Zimbra Web Client ZWC is one of the e-mail client program. A cross-site scripting vulnerability exists in the briefcase component of ZW...

CVE-2018-14425

CVE-2018-14425 concerns a Persistent XSS vulnerability in the Zimbra Web Client’s briefcase component within Zimbra Collaboration Suite (ZCS). Affected versions are ZCS/ZWC 8.8.8 prior to Patch 7 and 8.8.9 prior to Patch 1. The root cause is improper handling/validation of client-side data in the...

Zimbra Collaboration Suite Cross-Site Scripting Vulnerability (CNVD-2018-10867)

Zimbra Collaboration Suite ZCS is an open source collaboration suite from Zimbra, Inc. that includes WebMail, Calendar, Address Book, etc. Zimbra Web Client ZWC is one of the Web-based client applications. A cross-site scripting vulnerability exists in ZWC in versions 8.8 prior to Zimbra ZCS...

Cross site scripting

Cross-site scripting XSS vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite ZCS 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter...