Lucene search
K

6 matches found

Cvelist
Cvelist
added 2024/02/13 12:0 a.m.47 views

CVE-2023-45206

An issue was discovered in Zimbra Collaboration ZCS 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting XSS. Adding an adequate message to avoid malicious code will mitigate this issue...

8.9AI score0.0041EPSS
Exploits0References3
Prion
Prion
added 2023/07/06 4:15 p.m.57 views

Unrestricted file upload

File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function...

6.5CVSS8.6AI score0.01169EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/07/06 12:0 a.m.12 views

CVE-2023-34193

File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function...

7.5AI score0.01169EPSS
Exploits0References3
CVE
CVE
added 2022/10/12 12:0 a.m.69 views

CVE-2022-41350

CVE-2022-41350 affects Zimbra Collaboration Suite (ZCS) 8.8.15. The vulnerability is a Reflected XSS in the /h/search?action=voicemail&action=listen endpoint where the phone parameter is not properly sanitized, allowing execution of arbitrary JavaScript on the victim’s machine. Public documents c...

6.1CVSS6.2AI score0.0041EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/08/12 12:0 a.m.495 views

CVE-2022-37042

Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...

9.8CVSS9.1AI score0.98234EPSS
In wildExploits16References4
NVD
NVD
added 2020/02/18 10:15 p.m.24 views

CVE-2020-7796

Zimbra Collaboration Suite ZCS before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled...

9.8CVSS9.6AI score0.85416EPSS
Exploits0References2
Rows per page
Query Builder