14 matches found
CVE-2026-33368
Zimbra Collaboration Suite ZCS 10.0 and 10.1 contains a reflected cross-site scripting XSS vulnerability in the Classic Webmail REST interface /h/rest. The application fails to properly sanitize user-supplied input, allowing an unauthenticated attacker to inject malicious JavaScript into a crafte...
EUVD-2023-38292
Malicious code in bioql PyPI...
CVE-2023-34193
File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function...
CVE-2023-34192
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function...
CVE-2023-34193
File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function...
CVE-2023-34192
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function...
Cross site scripting
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function...
Unrestricted file upload
File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function...
CVE-2023-34193
File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function...
CVE-2023-34192
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function...
CVE-2023-34193
CVE-2023-34193 affects Zimbra ZCS 8.8.15 where an authenticated privileged user can upload via the ClientUploader function, enabling arbitrary code execution and access to sensitive data. Root cause is a file-upload pathway vulnerability in Zimbra ZCS; impact includes high confidentiality, integr...
PT-2023-24729 · Zimbra · Zimbra Zcs
Name of the Vulnerable Software and Affected Versions: Zimbra ZCS version 8.8.15 Description: The issue allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function. Recommendations: For Zimbra ZCS version 8.8.15, consider...
CVE-2023-34192
CVE-2023-34192 affects Zimbra Collaboration Suite (ZCS) v8.8.15. A cross-site scripting (XSS) vulnerability exists in the /h/autoSaveDraft function that an authenticated remote attacker can exploit by sending a crafted script, allowing arbitrary script execution in the victim’s browser and potent...
CVE-2023-34193
File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function...