CVE-2025-25065
- EPSS 0.3%
- Veröffentlicht 03.02.2025 20:15:37
- Zuletzt bearbeitet 11.06.2025 21:18:20
SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints.
CVE-2024-9665
- EPSS 0.12%
- Veröffentlicht 22.11.2024 21:15:23
- Zuletzt bearbeitet 03.01.2025 21:58:29
Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this vulnerabili...
CVE-2023-38750
- EPSS 0.29%
- Veröffentlicht 31.07.2023 16:15:10
- Zuletzt bearbeitet 21.11.2024 08:14:10
In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed.
CVE-2020-11737
- EPSS 2.05%
- Veröffentlicht 05.05.2020 15:15:12
- Zuletzt bearbeitet 21.11.2024 04:58:30
A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with...
CVE-2013-1938
- EPSS 2.28%
- Veröffentlicht 12.02.2020 16:15:10
- Zuletzt bearbeitet 21.11.2024 01:50:42
Zimbra 2013 has XSS in aspell.php
CVE-2012-1213
- EPSS 3.55%
- Veröffentlicht 24.02.2012 13:55:07
- Zuletzt bearbeitet 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter.