Collaboration Security Vulnerabilities and Issues — Collaboration CVE List

Lucene search

ZimbraCollaboration

12 matches found

CVE•added 2023/07/06 4:15 p.m.•190 views

CVE-2023-34192

Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.

9CVSS8.6AI score0.88993EPSS

In wildWeb

CVE•added 2023/06/15 9:15 p.m.•112 views

CVE-2023-24030

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user...

6.1CVSS6AI score0.00841EPSS

CVE•added 2023/07/06 4:15 p.m.•82 views

CVE-2023-29382

An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.

9.8CVSS9.6AI score0.00565EPSS

CVE•added 2023/12/07 5:15 a.m.•77 views

CVE-2023-41106

An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. An attacker can gain access to a Zimbra account. This is also fixed in 9.0.0 Patch 35 and 8.8.15 Patch 42.

7.5CVSS7.5AI score0.00369EPSS

CVE•added 2023/07/06 4:15 p.m.•74 views

CVE-2023-34193

File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function.

8.8CVSS8.6AI score0.00337EPSS

CVE•added 2023/06/15 9:15 p.m.•61 views

CVE-2023-24032

In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to local privilege escalation (LPE).

7.8CVSS7.9AI score0.00071EPSS

CVE•added 2023/01/06 11:15 p.m.•57 views

CVE-2022-45913

An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via one of attributes in webmail URLs to execute arbitrary JavaScript code, leading to information disclosure.

6.1CVSS6.1AI score0.00383EPSS

CVE•added 2023/06/15 9:15 p.m.•52 views

CVE-2023-24031

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. XSS can occur, via one of attributes of the webmail /h/ endpoint, to execute arbitrary JavaScript code, leading to information disclosure.

6.1CVSS6.1AI score0.00355EPSS

Web

CVE•added 2023/12/07 6:15 a.m.•45 views

CVE-2023-43103

An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36.

6.1CVSS5.9AI score0.0042EPSS

CVE•added 2023/07/06 4:15 p.m.•42 views

CVE-2023-29381

An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters.

9.8CVSS9.3AI score0.01399EPSS

CVE•added 2023/01/06 11:15 p.m.•40 views

CVE-2022-45911

An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur on the Classic UI login page by injecting arbitrary JavaScript code in the username field. This occurs before the user logs into the system, which means that even if the attacker executes arbitrary JavaScript, they will not ge...

6.1CVSS6AI score0.00384EPSS

CVE•added 2023/12/07 6:15 a.m.•39 views

CVE-2023-43102

An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. An XSS issue can be exploited to access the mailbox of an authenticated user. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36.

6.1CVSS5.8AI score0.00481EPSS