VYPR

Zimbra Collaboration (ZCS)

by Zimbra

CVEs (108)

  • CVE-2026-33371MedMar 20, 2026
    risk 0.28cvss 4.3epss 0.00

    An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists in the Zimbra Exchange Web Services (EWS) SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is…

  • CVE-2025-68645KEVDec 22, 2025
    risk 0.16cvss epss 0.32

    A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the…

  • CVE-2025-66376KEVJan 5, 2026
    risk 0.13cvss epss 0.12

    Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message.

  • CVE-2022-3569HigOct 17, 2022
    risk 0.03cvss 7.8epss 0.01

    Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'.

  • CVE-2012-1213Feb 24, 2012
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter.

  • CVE-2025-67809Dec 15, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because these credentials are embedded directly in the Zimlet, any unauthorized party…

  • CVE-2024-45515Jul 30, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when importing files into the briefcase. Attackers can exploit this issue by…

  • CVE-2008-1226Mar 10, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6, and possibly other versions before 4.5.10 allow remote attackers to inject arbitrary web script or HTML via an e-mail attachment, possibly involving a (1) .jpg or (2) .gif image…

Page 6 of 6