📦 Zimbra Collaboration Suite
by Synacor
🛡️ Security Overview
⚠️ Known Vulnerabilities
This critical vulnerability in Zimbra Collaboration's postjournal service allows unauthenticated attackers to execute arbitrary commands on affected systems. All Zimbra Collaboration deployments runni...
This vulnerability in Zimbra Collaboration Suite allows Server-Side Request Forgery (SSRF) when the WebEx zimlet is installed and JSP functionality is enabled. Attackers can exploit this to make unaut...
An unauthenticated remote attacker can exploit this Local File Inclusion vulnerability in Zimbra Collaboration's Webmail Classic UI to read arbitrary files from the WebRoot directory. This affects Zim...
A Cross-Site Request Forgery vulnerability in Zimbra Collaboration's GraphQL endpoint allows attackers to perform unauthorized operations when authenticated users visit malicious websites. This affect...
This SQL injection vulnerability in Zimbra Collaboration's ZimbraSync Service SOAP endpoint allows authenticated attackers to inject arbitrary SQL queries by manipulating a specific parameter. Exploit...
This CVE describes a Local File Inclusion vulnerability in Zimbra Collaboration's Webmail Classic UI. Authenticated attackers can access sensitive files in the WebRoot directory by crafting malicious ...
CVE-2022-27924 is an unauthenticated memcache command injection vulnerability in Zimbra Collaboration Suite. It allows attackers to overwrite arbitrary cached entries, potentially leading to authentic...
A Cross-Site Scripting (XSS) vulnerability in Zimbra Collaboration's Classic UI allows attackers to execute arbitrary JavaScript in users' sessions by sending specially crafted emails. This can lead t...
A Cross-Site Scripting (XSS) vulnerability in Zimbra Collaboration's Classic UI allows attackers to execute arbitrary JavaScript when users view specially crafted emails. This can lead to session hija...
This stored XSS vulnerability in Zimbra Collaboration allows attackers to inject malicious JavaScript via ICS calendar files in emails. When victims view these emails, the JavaScript executes in their...
This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration's RSS feed parser. It allows attackers to redirect requests to internal network endpoints, potentially acc...
This stored XSS vulnerability in Zimbra Collaboration allows attackers with administrative access to inject malicious JavaScript into email account configurations. The injected code executes in victim...
This Cross-Site Scripting (XSS) vulnerability in Zimbra Collaboration allows attackers to execute arbitrary JavaScript in victim sessions by exploiting improper input sanitization in the /h/rest endpo...
This CVE describes a Cross-Site Scripting (XSS) vulnerability in Zimbra Collaboration (ZCS) webmail where attackers can inject malicious JavaScript via the packages parameter. The vulnerability affect...
This stored XSS vulnerability in Zimbra Collaboration allows attackers to inject malicious JavaScript into email fields. When victims add attacker-controlled contacts, the code executes in their webma...
A reflected Cross-Site Scripting vulnerability in Zimbra Collaboration Suite 8.8.15 allows attackers to inject malicious scripts via webmail calendar endpoints. When exploited, this can lead to sessio...