Collaboration Security Vulnerabilities and Issues — Collaboration CVE List

Lucene search

ZimbraCollaboration

3 matches found

CVE•added 2025/03/12 3:15 p.m.•94 views

CVE-2025-27915

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its em...

5.4CVSS5.2AI score0.00028EPSS

CVE•added 2025/03/12 3:15 p.m.•43 views

CVE-2025-27914

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth tok...

5.4CVSS5.2AI score0.00023EPSS

CVE•added 2025/07/30 3:15 p.m.•6 views

CVE-2024-45515

An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when importing files into the briefcase. Attackers can exploit this issue by crafting a file with manip...

6.1CVSS6.1AI score0.00016EPSS