6 matches found
CVE-2023-45206
An issue was discovered in Zimbra Collaboration ZCS 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting XSS. Adding an adequate message to avoid malicious code will mitigate this issue...
Unrestricted file upload
File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function...
CVE-2023-34193
File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function...
CVE-2022-41350
CVE-2022-41350 affects Zimbra Collaboration Suite (ZCS) 8.8.15. The vulnerability is a Reflected XSS in the /h/search?action=voicemail&action=listen endpoint where the phone parameter is not properly sanitized, allowing execution of arbitrary JavaScript on the victim’s machine. Public documents c...
CVE-2022-37042
Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...
CVE-2020-7796
Zimbra Collaboration Suite ZCS before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled...