CVSS: 6.1EPSS: 0%CPEs: 73EXPL: 0CVE-2023-43102
https://notcve.org/view.php?id=CVE-2023-43102
An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. An XSS issue can be exploited to access the mailbox of an authenticated user. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36. Se descubrió un problema en Zimbra Collaboration (ZCS) antes de 10.0.4. Se puede aprovechar un problema XSS para acceder al buzón de correo de un usuario autenticado. • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 73EXPL: 0CVE-2023-43103
https://notcve.org/view.php?id=CVE-2023-43103
An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. This is also fixed in 8.8.15 Patch 43 and 9.0.0 Patch 36. Se descubrió un problema XSS en un endpoint web en Zimbra Collaboration (ZCS) anterior a 10.0.4 a través de un parámetro no sanitizado. Esto también se solucionó en el parche 43 8.8.15 y el parche 36 9.0.0. • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 29EXPL: 0CVE-2023-38750
https://notcve.org/view.php?id=CVE-2023-38750
In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed. • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy •
CVSS: 6.1EPSS: 30%CPEs: 14EXPL: 0CVE-2023-37580 – Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2023-37580
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability impacting the confidentiality and integrity of data. • http://www.openwall.com/lists/oss-security/2023/11/17/2 https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 66EXPL: 0CVE-2023-29382
https://notcve.org/view.php?id=CVE-2023-29382
An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component. • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy • CWE-94: Improper Control of Generation of Code ('Code Injection') •