Lucene search

Collaboration Security Vulnerabilities - 2023

cve

CVE-2022-45911

An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur on the Classic UI login page by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which means that even if the attacker executes arbitrary JavaScript, they will not ge...

6.1CVSS

6AI Score

0.001EPSS

2023-01-06 11:15 PM

cve

CVE-2022-45913

An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via one of attributes in webmail URLs to execute arbitrary JavaScript code, leading to information disclosure.

6.1CVSS

6.1AI Score

0.001EPSS

2023-01-06 11:15 PM

cve

CVE-2023-24030

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user...

6.1CVSS

6AI Score

0.001EPSS

2023-06-15 09:15 PM

cve

CVE-2023-24031

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. XSS can occur, via one of attributes of the webmail /h/ endpoint, to execute arbitrary JavaScript code, leading to information disclosure.

6.1CVSS

6.1AI Score

0.001EPSS

2023-06-15 09:15 PM

cve

CVE-2023-24032

In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).

7.8CVSS

7.9AI Score

0.0004EPSS

2023-06-15 09:15 PM

cve

CVE-2023-29381

An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters.

9.8CVSS

9.3AI Score

0.003EPSS

2023-07-06 04:15 PM

cve

CVE-2023-29382

An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.

9.8CVSS

9.6AI Score

0.003EPSS

2023-07-06 04:15 PM

cve

CVE-2023-34192

Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.

9CVSS

8.6AI Score

0.463EPSS

2023-07-06 04:15 PM

cve

CVE-2023-34193

File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function.

8.8CVSS

8.6AI Score

0.002EPSS

2023-07-06 04:15 PM

cve

CVE-2023-41106

An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. An attacker can gain access to a Zimbra account. This is also fixed in 9.0.0 Patch 35 and 8.8.15 Patch 42.

7.5CVSS

7.5AI Score

0.001EPSS

2023-12-07 05:15 AM

cve

CVE-2023-43102

An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. An XSS issue can be exploited to access the mailbox of an authenticated user. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36.

6.1CVSS

5.8AI Score

0.0005EPSS

2023-12-07 06:15 AM

cve

CVE-2023-43103

An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36.

6.1CVSS

5.9AI Score

0.0005EPSS

2023-12-07 06:15 AM