14 matches found
CVE-2026-33368
Zimbra Collaboration Suite ZCS 10.0 and 10.1 contains a reflected cross-site scripting XSS vulnerability in the Classic Webmail REST interface /h/rest. The application fails to properly sanitize user-supplied input, allowing an unauthenticated attacker to inject malicious JavaScript into a crafte...
EUVD-2023-38292
Malicious code in bioql PyPI...
CVE-2023-34193
File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function...
CVE-2023-34192
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function...
CVE-2023-34192
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function...
CVE-2023-34193
File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function...
Cross site scripting
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function...
Unrestricted file upload
File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function...
CVE-2023-34193
File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function...
CVE-2023-34192
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function...
CVE-2023-34193
CVE-2023-34193 affects Zimbra ZCS 8.8.15 where an authenticated privileged user can upload via the ClientUploader function, enabling arbitrary code execution and access to sensitive data. Root cause is a file-upload pathway vulnerability in Zimbra ZCS; impact includes high confidentiality, integr...
PT-2023-24729 · Zimbra · Zimbra Zcs
Name of the Vulnerable Software and Affected Versions: Zimbra ZCS version 8.8.15 Description: The issue allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function. Recommendations: For Zimbra ZCS version 8.8.15, consider...
CVE-2023-34192
CVE-2023-34192 affects Zimbra Collaboration Suite (ZCS) v8.8.15. A cross-site scripting (XSS) vulnerability exists in the /h/autoSaveDraft function that an authenticated remote attacker can exploit by sending a crafted script, allowing arbitrary script execution in the victim’s browser and potent...
CVE-2023-34193
File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function...