24 matches found

Nuclei
added 18 hours ago | 9 views

Zimbra - Cross-Site Scripting via ICS Files

Detects Zimbra Collaboration Suite versions vulnerable to CVE-2025-27915, a stored XSS vulnerability in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an email with a malicious ICS entry, embedded JavaScript executes via an ontoggle event...

5.4 CVSS | 7.5 AI score | 0.26053 EPSS
Exploits 1 | References 3

Tenable Nessus
added 2025/10/09 12:00 a.m. | 1 view

Zimbra Collaboration Server 9.x < 9.0.0 Patch 39, 10.0.x < 10.0.13, 10.1.x < 10.1.5 XSS

According to its self-reported version number, Zimbra Collaboration Server is affected by the following vulnerability: A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML. Using a specifically crafted email, an attacker...

5.4 CVSS | 7.4 AI score | 0.26053 EPSS
Exploits 1 | References 6

CISA KEV Catalog
added 2025/10/07 12:00 a.m. | 8 views

Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an...

5.4 CVSS | 6.1 AI score | 0.26053 EPSS
In wild | Exploits 1

EUVD
added 2025/10/03 8:07 p.m. | 4 views

EUVD-2025-7823

Malicious code in bioql PyPI...

5.4 CVSS | 7.7 AI score | 0.26053 EPSS
Exploits 1 | References 4

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2023-33827

Malicious code in bioql PyPI...

7.3 CVSS | 5.8 AI score | 0.00103 EPSS
Exploits 0 | References 2

RedhatCVE
added 2025/05/23 4:04 a.m. | 5 views

CVE-2023-37580

Zimbra Collaboration ZCS 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client...

6.1 CVSS | 6.2 AI score | 0.93918 EPSS
Exploits 0

CVE
added 2025/03/12 12:00 a.m. | 133 views

CVE-2025-27915

The CVE-2025-27915 issue affects Zimbra Collaboration (ZCS) Classic Web Client, where insufficient sanitization of HTML in ICS files enables stored XSS when viewing an email with a crafted ICS entry. The underlying flaw allows embedded JavaScript to execute via an ontoggle event inside a tag, en...

5.4 CVSS | 5.2 AI score | 0.26053 EPSS
In wild | Exploits 1 | References 6 | Affected Software 1

Vulnrichment
added 2025/03/12 12:00 a.m. | 10 views

CVE-2025-27915

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its...

5.5 AI score | 0.26053 EPSS
Exploits 1 | References 4

CNNVD
added 2025/03/12 12:00 a.m. | 3 views

Zimbra Collaboration Server Security Vulnerability

Zimbra Collaboration Server (ZCS) is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendaring, file sharing, social networking, and other features. A security vulnerability exists in Zimbra Collaboration Server versions 9.0, 10.0, and 10.1, which stems fro...

5.4 CVSS | 6.8 AI score | 0.26053 EPSS
Exploits 1 | References 4

Positive Technologies
added 2025/01/27 12:00 a.m. | 2 views

PT-2025-11082

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite (ZCS) versions 9.0, 10.0, and 10.1; Zimbra Collaboration Suite versions 9.0.0 Patch 44, 10.0.13, and 10.1.5 and earlier. Description: Zimbra Collaboration Suite (ZCS) contains a stored cross-site scripting (XSS) flaw in the...

5.5 CVSS | 7.4 AI score | 0.26053 EPSS
Exploits 1 | References 62

ATTACKERKB
added 2023/10/20 7:15 a.m. | 3 views

CVE-2023-2325

Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1 allows attacker to execute script on user's browser via stored HTML document...

7.3 CVSS | 5.8 AI score | 0.00103 EPSS
Exploits 0 | References 4

OSV
added 2023/10/20 7:15 a.m. | 2 views

CVE-2023-2325

Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1 allows attacker to execute script on user's browser via stored HTML document...

5.4 CVSS | 5.9 AI score | 0.00103 EPSS
Exploits 0 | References 3

Cvelist
added 2023/10/20 6:39 a.m. | 15 views

CVE-2023-2325 Stored XSS Vulnerability in M-Files Classic Web

Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1 allows attacker to execute script on user's browser via stored HTML document...

7.3 CVSS | 6.8 AI score | 0.00103 EPSS
Exploits 0 | References 2

Vulnrichment
added 2023/10/20 6:39 a.m. | 19 views

CVE-2023-2325 Stored XSS Vulnerability in M-Files Classic Web

Stored XSS Vulnerability in M-Files Classic Web versions before 23.10 and LTS Service Release Versions before 23.2 LTS SR4 and 23.8 LTS SR1 allows attacker to execute script on user's browser via stored HTML document...

7.3 CVSS | 5.8 AI score | 0.00103 EPSS
Exploits 0 | References 2

CNNVD
added 2023/10/20 12:00 a.m. | 3 views

M-Files Cross-Site Scripting Vulnerability

M-Files is an innovative metadata-driven document management platform from M-Files, Inc. A cross-site scripting vulnerability exists in M-Files Classic Web prior to 23.10, M-Files LTS Service Release prior to 23.2 LTS SR4, and 23.8 LTS SR1, which originates from a vulnerability that could allow a...

7.3 CVSS | 5.9 AI score | 0.00103 EPSS
Exploits 0 | References 3

OSV
added 2023/08/25 9:15 a.m. | 2 views

CVE-2023-3406

Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server...

6.5 CVSS | 5.8 AI score | 0.00143 EPSS
Exploits 0 | References 3

Prion
added 2023/08/25 9:15 a.m. | 16 views

Path traversal

Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server...

4 CVSS | 6.3 AI score | 0.00143 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2023/08/25 8:11 a.m. | 17 views

CVE-2023-3406 Path traversal issue in M-Files Classic Web

Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server...

7.7 CVSS | 7.6 AI score | 0.00143 EPSS
Exploits 0 | References 2

Vulnrichment
added 2023/08/25 8:11 a.m. | 14 views

CVE-2023-3406 Path traversal issue in M-Files Classic Web

Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server...

7.7 CVSS | 6.6 AI score | 0.00143 EPSS
Exploits 0 | References 2

CNNVD
added 2023/08/25 12:00 a.m. | 2 views

M-Files Path Traversal Vulnerability

M-Files is an innovative metadata-driven document management platform from M-Files, Inc. A security vulnerability exists in M-Files Classic Web versions prior to 23.6.12695.3, which stems from a path traversal issue that allows an authenticated user to read certain restricted files on the web...

7.7 CVSS | 6.5 AI score | 0.00143 EPSS
Exploits 0 | References 3