Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zimbra collaboration vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2020-13653
An XSS vulnerability exists in the Webmail component of Zimbra Collaboration Suite prior to 8.8.15 Patch 11. It allows an malicious user to inject executable JavaScript into the account name of a user's profile. The injected code can be reflected and executed when changing a...
Synacor Zimbra Collaboration Suite 8.8.15
Synacor Zimbra Collaboration Suite
445
VMScore
CVE-2020-8633
An issue exists in Zimbra Collaboration Suite (ZCS) prior to 8.8.15 Patch 7. When grantors revoked a shared calendar in Outlook, the calendar stayed mounted and accessible.
Synacor Zimbra Collaboration Suite 8.8.15
Synacor Zimbra Collaboration Suite
605
VMScore
CVE-2020-7796
Zimbra Collaboration Suite (ZCS) prior to 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed and zimlet JSP is enabled.
Synacor Zimbra Collaboration Suite 8.8.15
Synacor Zimbra Collaboration Suite
685
VMScore
CVE-2015-6541
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) prior to 8.5 allow remote malicious users to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to servi...
Zimbra Zimbra Collaboration Server
1 EDB exploit
383
VMScore
CVE-2016-5721
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration prior to 8.7.0 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Zimbra Zimbra Collaboration Server
NA
CVE-2023-34192
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated malicious user to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.
Zimbra Collaboration 8.8.15
NA
CVE-2023-34193
File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function.
Zimbra Collaboration 8.8.15
NA
CVE-2022-41348
An issue exists in Zimbra Collaboration (ZCS) 9.0. XSS can occur via the onerror attribute of an IMG element, leading to information disclosure.
Zimbra Collaboration 9.0.0
NA
CVE-2022-41351
In Zimbra Collaboration Suite (ZCS) 8.8.15, at the URL /h/calendar, one can trigger XSS by adding JavaScript code to the view parameter and changing the value of the uncheck parameter to a string (instead of default value of 10).
Zimbra Collaboration 8.8.15
NA
CVE-2022-37044
In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine.
Zimbra Collaboration 8.8.15
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »