CVE-2025-54390
- EPSS 0.02%
- Published 17.09.2025 00:00:00
- Last modified 18.09.2025 13:43:34
A Cross-Site Request Forgery (CSRF) vulnerability exists in the ResetPasswordRequest operation of Zimbra Collaboration (ZCS) when the zimbraFeatureResetPasswordStatus attribute is enabled. An attacker can exploit this by tricking an authenticated use...
CVE-2025-54391
- EPSS 0.12%
- Published 16.09.2025 00:00:00
- Last modified 17.09.2025 14:18:55
A vulnerability in the EnableTwoFactorAuthRequest SOAP endpoint of Zimbra Collaboration (ZCS) allows an attacker with valid user credentials to bypass Two-Factor Authentication (2FA) protection. The attacker can configure an additional 2FA method (ei...
CVE-2024-45515
- EPSS 0.1%
- Published 30.07.2025 00:00:00
- Last modified 07.08.2025 18:16:45
An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when importing files into the briefcase. Attackers can...
CVE-2025-53645
- EPSS 0.2%
- Published 09.07.2025 00:00:00
- Last modified 22.07.2025 16:15:33
Zimbra Collaboration (ZCS) before 9.0.0 Patch 46, 10.0.x before 10.0.15, and 10.1.x before 10.1.9 is vulnerable to a denial of service condition due to improper handling of excessive, comma-separated path segments in the Admin Console. An unauthentic...
CVE-2025-32354
- EPSS 0.02%
- Published 29.04.2025 00:00:00
- Last modified 11.06.2025 21:20:21
In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint (/service/extension/graphql) of Zimbra webmail due to a lack of CSRF token validation. This allows attackers to perform u...
CVE-2024-54663
- EPSS 0.1%
- Published 19.12.2024 23:15:07
- Last modified 11.06.2025 21:17:48
An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Local File Inclusion (LFI) vulnerability exists in the /h/rest endpoint, allowing authenticated remote attackers to include and access sensitive ...
CVE-2024-45511
- EPSS 0.19%
- Published 20.11.2024 19:15:06
- Last modified 11.06.2025 21:16:54
An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A reflected Cross-Site Scripting (XSS) issue exists through the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim...
CVE-2024-50599
- EPSS 0.47%
- Published 07.11.2024 21:15:06
- Last modified 17.06.2025 18:41:30
A reflected Cross-Site Scripting (XSS) vulnerability has been identified in Zimbra Collaboration Suite (ZCS) 8.8.15, affecting one of the webmail calendar endpoints. This arises from improper handling of user-supplied input, allowing an attacker to i...
CVE-2015-7610
- EPSS 6.53%
- Published 30.05.2018 21:29:00
- Last modified 21.11.2024 02:37:03
Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspe...
CVE-2018-10939
- EPSS 1.59%
- Published 30.05.2018 21:29:00
- Last modified 21.11.2024 03:42:21
Zimbra Web Client (ZWC) in Zimbra Collaboration Suite 8.8 before 8.8.8.Patch4 and 8.7 before 8.7.11.Patch4 has Persistent XSS via a contact group.