Zimbra

Collaboration

62 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.04%
  • Published 30.03.2026 15:16:29
  • Last modified 07.04.2026 18:50:47

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A Cross-Site Request Forgery (CSRF) vulnerability exists in Zimbra Web Client due to the issuance of authentication tokens without CSRF protection during certain account state trans...

  • EPSS 0.03%
  • Published 20.03.2026 14:16:16
  • Last modified 01.04.2026 15:32:50

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A cross-site request forgery (CSRF) vulnerability exists in Zimbra Webmail due to improper validation of CSRF tokens. The application accepts CSRF tokens supplied within the request...

  • EPSS 0.05%
  • Published 20.03.2026 14:16:16
  • Last modified 01.04.2026 15:35:47

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists in the Zimbra Exchange Web Services (EWS) SOAP interface due to improper handling of XML input. An authenticated attacker can submi...

  • EPSS 0.03%
  • Published 20.03.2026 14:16:16
  • Last modified 01.04.2026 15:36:22

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Zimbra Briefcase feature due to insufficient sanitization of specific uploaded file types. When a user opens a public...

  • EPSS 0.05%
  • Published 20.03.2026 14:16:16
  • Last modified 01.04.2026 15:36:59

Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search ...

Warning: media report
  • EPSS 10.01%
  • Published 05.01.2026 00:00:00
  • Last modified 18.03.2026 20:13:37

Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message.

Warning: media report
  • EPSS 50.07%
  • Published 22.12.2025 18:16:17
  • Last modified 23.01.2026 18:39:33

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can...

  • EPSS 0.04%
  • Published 15.12.2025 00:00:00
  • Last modified 30.12.2025 20:30:14

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because these credentials are embedded directly in the Zimle...

  • EPSS 0.04%
  • Published 21.10.2025 00:00:00
  • Last modified 15.04.2026 00:35:42

Zimbra Collaboration (ZCS) before 10.1.12 allows SSRF because of the configuration of the chat proxy.

  • EPSS 0.1%
  • Published 30.07.2025 00:00:00
  • Last modified 07.08.2025 18:16:45

An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when importing files into the briefcase. Attackers can...