Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zimbra collaboration 8.8.15 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-48432
An issue exists in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link (for a webmail redirection endpoint) within en email message, e.g., if a victim clicks on that link within Zimbra webmail.
NA
CVE-2023-26562
In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured for Imap/smtp.
NA
CVE-2023-45206
An issue exists in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting (XSS). (Adding an adequate message to avoid malicious code will mitigate this issu...
NA
CVE-2023-45207
An issue exists in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. (This has been mitigated by s...
6.1
CVSSv3
CVE-2023-43102
An issue exists in Zimbra Collaboration (ZCS) prior to 10.0.4. An XSS issue can be exploited to access the mailbox of an authenticated user. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36.
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
Zimbra Collaboration
6.1
CVSSv3
CVE-2023-43103
An XSS issue exists in a web endpoint in Zimbra Collaboration (ZCS) prior to 10.0.4 via an unsanitized parameter. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36.
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
Zimbra Collaboration
7.5
CVSSv3
CVE-2023-41106
An issue exists in Zimbra Collaboration (ZCS) prior to 10.0.3. An attacker can gain access to a Zimbra account. This is also fixed in 9.0.0 Patch 35 and 8.8.15 Patch 42.
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
Zimbra Collaboration
6.1
CVSSv3
CVE-2023-37580
Zimbra Collaboration (ZCS) 8 prior to 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
Zimbra Zimbra 8.8.15
Zimbra Zimbra
1 Github repository
7.5
CVSSv3
CVE-2023-38750
In Zimbra Collaboration (ZCS) 8 prior to 8.8.15 Patch 41, 9 prior to 9.0.0 Patch 34, and 10 prior to 10.0.2, internal JSP and XML files can be exposed.
Zimbra Zimbra 9.0.0
Zimbra Zimbra 8.8.15
Zimbra Zimbra
Zimbra Zimbra 10.0.1
9.8
CVSSv3
CVE-2023-29381
An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote malicious user to escalate privileges and obtain sensitive information via the password and 2FA parameters.
Zimbra Collaboration 9.0.0
Zimbra Collaboration 8.8.15
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »