4 matches found

Cvelist • added 2024/02/13 12:0 a.m. • 25 views

CVE-2023-45206

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting (XSS). Adding an adequate message to avoid malicious code will mitigate this issue...

8.9 AI score • 0.00349 EPSS
Exploits 0 • References 3

Prion • added 2022/10/12 8:15 p.m. • 21 views

Information disclosure

An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via the onerror attribute of an IMG element, leading to information disclosure...

5.8 CVSS • 5.7 AI score • 0.01073 EPSS
Exploits 0 • References 2 • Affected Software 1

ATTACKERKB • added 2022/08/12 12:0 a.m. • 486 views

CVE-2022-37042

Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...

9.8 CVSS • 9.1 AI score • 0.94333 EPSS
In wild • Exploits 16 • References 4

CVE • added 2022/04/20 11:23 p.m. • 580 views

CVE-2022-27926

Zimbra Collaboration (ZCS) 9.0 is affected by a reflected XSS in /public/launchNewWindow.jsp that allows unauthenticated attackers to execute arbitrary script or HTML via request parameters. The issue is confirmed across multiple sources (NVD/Nuclei/CISA KEV/CNVD) with the impact described as cli...

6.1 CVSS • 6 AI score • 0.94125 EPSS
In wild • Exploits 0 • References 4 • Affected Software 1