CVE-2024-54663

An issue was discovered in the Webmail Classic UI in Zimbra Collaboration ZCS 9.0 and 10.0 and 10.1. A Local File Inclusion LFI vulnerability exists in the /h/rest endpoint, allowing authenticated remote attackers to include and access sensitive files in the WebRoot directory. Exploitation requir...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via 1 a URL accessed during use of the Mail template in the WebMail UI or 2 a URL accessed during use of Domino Help through the Domino HTTP...