Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zimbra collaboration 8.8.15 vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2021-35207
An issue exists in Zimbra Collaboration Suite 8.8 prior to 8.8.15 Patch 23 and 9.0 prior to 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginE...
Zimbra Collaboration
Zimbra Collaboration 8.8.15
Zimbra Collaboration 9.0.0
383
VMScore
CVE-2020-13653
An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite prior to 8.8.15 Patch 11. It allows an malicious user to inject executable JavaScript into the account name of a user's profile. The injected code can be reflected and executed when changing a...
Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite 8.8.15
383
VMScore
CVE-2019-15313
In Zimbra Collaboration prior to 8.8.15 Patch 1, there is a non-persistent XSS vulnerability.
Zimbra Collaboration Server
Zimbra Collaboration Server 8.8.15
356
VMScore
CVE-2020-35123
In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. This has been fixed in Zimbra Collaboration Suite Network edition 9.0.0 Patch 10 and 8...
Zimbra Collaboration
Zimbra Collaboration 8.8.15
Zimbra Collaboration 9.0.0
312
VMScore
CVE-2021-35208
An issue exists in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x prior to 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to b...
Zimbra Collaboration
Zimbra Collaboration 8.8.15
312
VMScore
CVE-2019-12427
Zimbra Collaboration prior to 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console.
Zimbra Collaboration Server
230
VMScore
CVE-2015-1197
cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.
Gnu Cpio 2.11
1 Metasploit module
1 Article
NA
CVE-2023-48432
An issue exists in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link (for a webmail redirection endpoint) within en email message, e.g., if a victim clicks on that link within Zimbra webmail.
NA
CVE-2023-45207
An issue exists in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. (This has been mitigated by s...
NA
CVE-2023-45206
An issue exists in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting (XSS). (Adding an adequate message to avoid malicious code will mitigate this issu...
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »