10 matches found

Nuclei
added 13 hours ago | 12 views

Zimbra - Cross-Site Scripting via ICS Files

Detects Zimbra Collaboration Suite versions vulnerable to CVE-2025-27915, a stored XSS vulnerability in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an email with a malicious ICS entry, embedded JavaScript executes via an ontoggle event...

CVSS 5.4 | AI score 7.4 | EPSS 0.04241
Exploits: 1 | References: 3
Tenable Nessus
added 2025/10/09 12:0 a.m. | 2 views

Zimbra Collaboration Server 9.x < 9.0.0 Patch 39, 10.0.x < 10.0.13, 10.1.x < 10.1.5 XSS

According to its self-reported version number, Zimbra Collaboration Server is affected by the following vulnerability: A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML. Using a specially crafted email, an attacker...

CVSS 5.4 | AI score 7.4 | EPSS 0.04241
Exploits: 1 | References: 6
CISA KEV Catalog
added 2025/10/07 12:0 a.m. | 10 views

Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability

Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting vulnerability that exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an...

CVSS 5.4 | AI score 6.1 | EPSS 0.04241
In wild | Exploits: 1
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2025-7823

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 7.7 | EPSS 0.04241
Exploits: 1 | References: 4
RedhatCVE
added 2025/05/23 4:4 a.m. | 5 views

CVE-2023-37580

Zimbra Collaboration ZCS 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client...

CVSS 6.1 | AI score 6.2 | EPSS 0.59041
Exploits: 0
CNNVD
added 2025/03/12 12:0 a.m. | 4 views

Zimbra Collaboration Server Security Vulnerability

Zimbra Collaboration Server ZCS is an email and collaboration solution from Zimbra. The solution provides email, contacts, calendaring, file sharing, social networking, and other features. A security vulnerability exists in Zimbra Collaboration Server versions 9.0, 10.0, and 10.1, which stems fro...

CVSS 5.4 | AI score 6.8 | EPSS 0.04241
Exploits: 1 | References: 4
CVE
added 2025/03/12 12:0 a.m. | 146 views

CVE-2025-27915

The CVE-2025-27915 issue affects Zimbra Collaboration (ZCS) Classic Web Client, where insufficient sanitization of HTML in ICS files enables stored XSS when viewing an email with a crafted ICS entry. The underlying flaw allows embedded JavaScript to execute via an ontoggle event inside a tag, en...

CVSS 5.4 | AI score 5.2 | EPSS 0.04241
In wild | Exploits: 1 | References: 6 | Affected Software: 1
Vulnrichment
added 2025/03/12 12:0 a.m. | 10 views

CVE-2025-27915

An issue was discovered in Zimbra Collaboration ZCS 9.0 and 10.0 and 10.1. A stored cross-site scripting XSS vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its...

AI score 5.5 | EPSS 0.04241
Exploits: 1 | References: 4
Positive Technologies
added 2025/01/27 12:0 a.m. | 3 views

PT-2025-11082

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite ZCS versions 9.0, 10.0, and 10.1; Zimbra Collaboration Suite versions 9.0.0 Patch 44, 10.0.13, and 10.1.5 and earlier. Description: Zimbra Collaboration Suite ZCS contains a stored cross-site scripting XSS flaw in the...

CVSS 5.5 | AI score 7.4 | EPSS 0.04241
Exploits: 1 | References: 62
Positive Technologies
added 2023/07/17 12:0 a.m. | 4 views

PT-2023-4007

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions 8.0.0 through 8.8.15 Patch 40; Zimbra Collaboration ZCS versions prior to 8.8.15 Patch 41. Description: The issue is related to a Cross-Site Scripting XSS vulnerability in the Zimbra Classic Web Client. This...

CVSS 9 | AI score 6.8 | EPSS 0.77266
Exploits: 0 | References: 27