Zimbra Security Vulnerabilities and Issues — Zimbra CVE List

Lucene search

ZimbraZimbra

6 matches found

CVE•added 2023/07/31 4:15 p.m.•481 views

CVE-2023-37580

Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.

6.1CVSS6.2AI score0.93864EPSS

CVE•added 2024/11/22 9:15 p.m.•90 views

CVE-2024-9665

Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this vulnerability in that the target must open a malicious email...

6.5CVSS6.4AI score0.00042EPSS

CVE•added 2023/07/31 4:15 p.m.•79 views

CVE-2023-38750

In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed.

7.5CVSS7.5AI score0.00288EPSS

CVE•added 2020/05/05 3:15 p.m.•56 views

CVE-2020-11737

A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring (including the quotes) followe...

6.1CVSS5.9AI score0.01159EPSS

CVE•added 2020/02/12 4:15 p.m.•46 views

CVE-2013-1938

Zimbra 2013 has XSS in aspell.php

6.1CVSS6AI score0.02279EPSS

CVE•added 2012/02/24 1:55 p.m.•35 views

CVE-2012-1213

Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter.

4.3CVSS5.9AI score0.04116EPSS