Zimbra

Collaboration

57 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2025-66376

Medienbericht
  • EPSS 0.05%
  • Veröffentlicht 05.01.2026 00:00:00
  • Zuletzt bearbeitet 08.01.2026 18:09:49

Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message.

8.8

CVE-2025-68645

Warnung Medienbericht
  • EPSS 20.85%
  • Veröffentlicht 22.12.2025 18:16:17
  • Zuletzt bearbeitet 23.01.2026 18:39:33

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can...

4.7

CVE-2025-67809

  • EPSS 0.04%
  • Veröffentlicht 15.12.2025 00:00:00
  • Zuletzt bearbeitet 30.12.2025 20:30:14

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because these credentials are embedded directly in the Zimle...

5

CVE-2025-62763

  • EPSS 0.05%
  • Veröffentlicht 21.10.2025 00:00:00
  • Zuletzt bearbeitet 08.12.2025 16:15:52

Zimbra Collaboration (ZCS) before 10.1.12 allows SSRF because of the configuration of the chat proxy.

6.1

CVE-2024-45515

  • EPSS 0.1%
  • Veröffentlicht 30.07.2025 00:00:00
  • Zuletzt bearbeitet 07.08.2025 18:16:45

An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when importing files into the briefcase. Attackers can...

6.1

CVE-2025-48700

  • EPSS 0.03%
  • Veröffentlicht 23.06.2025 00:00:00
  • Zuletzt bearbeitet 11.07.2025 14:32:05

An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leadin...

6.1

CVE-2024-45516

  • EPSS 0.16%
  • Veröffentlicht 14.05.2025 00:00:00
  • Zuletzt bearbeitet 11.06.2025 21:20:29

An issue was discovered in Zimbra Collaboration (ZCS) 9.0.0 before Patch 43, 10.0.x before 10.0.12, 10.1.x before 10.1.4, and 8.8.15 before Patch 47. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbi...

5.4

CVE-2025-27915

Warnung Exploit
  • EPSS 27.69%
  • Veröffentlicht 12.03.2025 00:00:00
  • Zuletzt bearbeitet 04.11.2025 16:45:11

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail...

5.4

CVE-2025-27914

  • EPSS 0.06%
  • Veröffentlicht 12.03.2025 00:00:00
  • Zuletzt bearbeitet 02.04.2025 20:38:06

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim'...

5.3

CVE-2025-25065

  • EPSS 0.3%
  • Veröffentlicht 03.02.2025 20:15:37
  • Zuletzt bearbeitet 11.06.2025 21:18:20

SSRF vulnerability in the RSS feed parser in Zimbra Collaboration 9.0.0 before Patch 43, 10.0.x before 10.0.12, and 10.1.x before 10.1.4 allows unauthorized redirection to internal network endpoints.