CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 0CVE-2023-38750
https://notcve.org/view.php?id=CVE-2023-38750
In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed. • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy •
CVSS: 6.1EPSS: 30%CPEs: 14EXPL: 0CVE-2023-37580 – Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2023-37580
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability impacting the confidentiality and integrity of data. • http://www.openwall.com/lists/oss-security/2023/11/17/2 https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •