Lucene search
+L

63 matches found

CVE
CVE
added 2022/09/26 12:0 a.m.967 views

CVE-2022-41352

CVE-2022-41352 affects Zimbra Collaboration (ZCS) 8.8.15 and 9.0. The issue arises from an amavis/cpio handling path traversal that can cause arbitrary file writes to /opt/zimbra/jetty/webapps/zimbra/public, enabling unauthorized access to other user accounts. Public details confirm the root caus...

9.8CVSS9.4AI score0.95478EPSS
In wildExploits7References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/08/12 12:0 a.m.496 views

CVE-2022-37042

Zimbra Collaboration Suite ZCS 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication i.e., not having an authtoken, an attacker can upload arbitrary files to the system, leading to directory traversal and remote code...

9.8CVSS9.1AI score0.98586EPSS
In wildExploits16References4
CVE
CVE
added 2022/08/11 7:44 p.m.62 views

CVE-2022-37044

Affected software: Zimbra Collaboration Suite (ZCS) 8.8.15. Vulnerability: Reflected XSS in the /h/search?action endpoint, where parameters extra, title, and onload are partially sanitized. This can allow execution of arbitrary JavaScript in the victim’s browser. Impact: Client-side script execut...

6.1CVSS6AI score0.0043EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/08/11 7:40 p.m.85 views

CVE-2022-37043

CVE-2022-37043 affects Zimbra Collaboration Suite webmail (ZCS) 8.8.15 and 9.0.0. The issue is a preauth CSRF flaw where CSRF tokens are not checked on certain POST endpoints, allowing an authenticated user viewing an attacker‑controlled page to cause the application to process requests that appe...

5.7CVSS6.3AI score0.00284EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/08/11 7:37 p.m.1115 views

CVE-2022-37042

CVE-2022-37042 affects Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. The vulnerability arises in the mboximport endpoint that accepts a ZIP archive; when an attacker bypasses authentication (no authtoken), they can upload arbitrary files, causing directory traversal and remote code execution. ...

9.8CVSS9AI score0.88795EPSS
In wildExploits8References4Affected Software1
CVE
CVE
added 2022/04/20 11:23 p.m.587 views

CVE-2022-27926

Zimbra Collaboration (ZCS) 9.0 is affected by a reflected XSS in /public/launchNewWindow.jsp that allows unauthenticated attackers to execute arbitrary script or HTML via request parameters. The issue is confirmed across multiple sources (NVD/Nuclei/CISA KEV/CNVD) with the impact described as cli...

6.1CVSS6AI score0.17634EPSS
In wildExploits0References4Affected Software1
CVE
CVE
added 2022/04/20 11:23 p.m.1136 views

CVE-2022-27925

CVE-2022-27925 affects Zimbra Collaboration Suite 8.8.15 and 9.0, where mboximport accepts a ZIP and extracts files. An authenticated administrator can upload arbitrary files, enabling directory traversal. Public PoCs/exploits in connected docs demonstrate path traversal behavior and indicate aff...

7.2CVSS7.2AI score0.98586EPSS
In wildExploits14References5Affected Software1
CVE
CVE
added 2022/04/20 11:23 p.m.947 views

CVE-2022-27924

CVE-2022-27924 affects Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0, allowing an unauthenticated attacker to inject arbitrary memcache commands into a targeted ZCS instance, with those commands becoming unescaped and enabling overwriting of arbitrary cached entries and extraction of credential...

7.5CVSS7.8AI score0.85398EPSS
In wildExploits2References4Affected Software1
NVD
NVD
added 2020/02/18 10:15 p.m.24 views

CVE-2020-7796

Zimbra Collaboration Suite ZCS before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled...

9.8CVSS9.6AI score0.84593EPSS
Exploits0References2
CVE
CVE
added 2020/02/18 9:17 p.m.82 views

CVE-2020-8633

CVE-2020-8633 affects Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. The issue arises when grantors revoke a shared calendar in Outlook: the calendar remains mounted and accessible instead of being properly revoked. Public sources in connected documents confirm this behavior and link to ...

5.3CVSS5.2AI score0.0107EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2019/05/30 6:29 p.m.18 views

CVE-2018-14425

There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite ZCS Zimbra Web Client ZWC 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1...

6.1CVSS6AI score
Exploits0References2
CVE
CVE
added 2019/05/30 5:7 p.m.62 views

CVE-2018-14425

CVE-2018-14425 concerns a Persistent XSS vulnerability in the Zimbra Web Client’s briefcase component within Zimbra Collaboration Suite (ZCS). Affected versions are ZCS/ZWC 8.8.8 prior to Patch 7 and 8.8.9 prior to Patch 1. The root cause is improper handling/validation of client-side data in the...

6.1CVSS5.9AI score0.00969EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/03/27 4:0 p.m.1012 views

CVE-2018-6882

Zimbra Collaboration Suite (ZCS) is affected by an XSS in ZmMailMsgView.getAttachmentLinkHtml. The vulnerability exists in ZCS before 8.7 Patch 1 and 8.8.x before 8.8.7, allowing remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment. Affected...

6.1CVSS6.1AI score0.23717EPSS
In wildExploits2References7Affected Software1
Prion
Prion
added 2018/02/04 1:29 a.m.14 views

Cross site scripting

Synacor Zimbra Collaboration Suite ZCS before 8.7.10 has Persistent XSS...

3.5CVSS5.6AI score0.0089EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2018/02/04 1:29 a.m.13 views

CVE-2017-17703

Synacor Zimbra Collaboration Suite ZCS before 8.8.3 has Persistent XSS...

6.1CVSS6.5AI score
Exploits0References2
CVE
CVE
added 2018/02/04 1:0 a.m.52 views

CVE-2017-17703

CVE-2017-17703 affects Synacor Zimbra Collaboration Suite (ZCS) before version 8.8.3, with a persistent cross-site scripting (XSS) vulnerability. The issue is documented across multiple sources (NVD entry for CVE-2017-17703, OpenVAS note, CNVD entry) and is described as a persistent XSS in ZCS pr...

6.1CVSS6.3AI score0.00994EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/02/04 1:0 a.m.64 views

CVE-2017-8783

CVE-2017-8783: Zimbra Collaboration Suite (ZCS) before 8.7.10 is vulnerable to a persistent cross-site scripting (XSS) vulnerability. The issue is documented across multiple feeds (NVD, OpenVAS) as affecting Zimbra WebMail/Calendar/Address Book components before version 8.7.10. The connected docu...

5.4CVSS5.5AI score0.0089EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2018/01/16 7:0 p.m.49 views

CVE-2017-8802

CVE-2017-8802 affects Zimbra Collaboration Suite (ZCS) prior to 8.8.0 Beta2. The issue is a cross-site scripting (XSS) vulnerability in the Show Snippet functionality, allowing an attacker to inject arbitrary web script or HTML in the authenticated Zimbra web UI. Root cause: improper handling of ...

5.4CVSS5.2AI score0.01264EPSS
Exploits2References4Affected Software1
CVE
CVE
added 2017/05/23 3:56 a.m.68 views

CVE-2017-6821

Summary (CVE-2017-6821) : Zimbra Collaboration Suite (ZCS) contains a directory traversal vulnerability in versions before 8.7.6. The CVE entry cites an unspecified impact via unknown vectors. Public-connected data confirms the issue in ZCS prior to 8.7.6 and aligns with multiple CVE references. ...

9.8CVSS9.6AI score0.03799EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2017/05/23 3:56 a.m.56 views

CVE-2017-7288

CVE-2017-7288 affects Zimbra Collaboration Suite (ZCS) before 8.7.1, allowing remote XSS via unspecified vectors. Impact: injection of arbitrary web script/HTML in a user’s browser. Affected component: ZCS web interface; root cause: XSS vulnerability in versions prior to 8.7.1. Remediation: upgra...

6.1CVSS5.9AI score0.01646EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder