CVSS: 6.1EPSS: 96%CPEs: 1EXPL: 0CVE-2022-27926 – Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2022-27926
A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters. Una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en el componente /public/launchNewWindow.jsp de Zimbra Collaboration (también se conoce como ZCS) versión 9.0, permite a atacantes no autenticados ejecutar un script web o HTML arbitrario por medio de parámetros de petición Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability by allowing an endpoint URL to accept parameters without sanitizing. • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories •
CVSS: 7.2EPSS: 94%CPEs: 2EXPL: 13CVE-2022-27925 – Zimbra Collaboration (ZCS) Arbitrary File Upload Vulnerability
https://notcve.org/view.php?id=CVE-2022-27925
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal. Zimbra Collaboration (también se conoce como ZCS) versiones 8.8.15 y 9.0, presenta la funcionalidad mboximport que recibe un archivo ZIP y extrae archivos de él. Un usuario autenticado con derechos de administrador presenta la capacidad de cargar archivos arbitrarios en el sistema, conllevando a un salto de directorio Zimbra Collaboration (ZCS) contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution. • https://github.com/Josexv1/CVE-2022-27925 https://github.com/mohamedbenchikh/CVE-2022-27925 https://github.com/vnhacker1337/CVE-2022-27925-PoC https://github.com/Inplex-sys/CVE-2022-27925 https://github.com/lolminerxmrig/CVE-2022-27925-Revshell https://github.com/touchmycrazyredhat/CVE-2022-27925-Revshell https://github.com/Chocapikk/CVE-2022-27925-Revshell https://github.com/akincibor/CVE-2022-27925 https://github.com/miko550/CVE-2022-27925 https://github.com/navokus/CVE-2022-27 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 9%CPEs: 2EXPL: 0CVE-2022-27924 – Zimbra Collaboration (ZCS) Command Injection Vulnerability
https://notcve.org/view.php?id=CVE-2022-27924
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands becomes unescaped, causing an overwrite of arbitrary cached entries. Zimbra Collaboration (también se conoce como ZCS) versiones 8.8.15 y 9.0, permite a un atacante no autenticado inyectar comandos arbitrarios de memcache en una instancia objetivo. Estos comandos de memcache son convertidos en no-escapados, causando una sobreescritura de entradas arbitrarias en la caché Zimbra Collaboration (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries. • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.1EPSS: 2%CPEs: 31EXPL: 1CVE-2022-24682 – Zimbra Webmail Cross-Site Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2022-24682
An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document. Se ha detectado un problema en la funcionalidad Calendar en Zimbra Collaboration Suite 8.8.x versiones anteriores a 8.8.15 parche 30 (actualización 1), como es explotado "in the wild" a partir de diciembre 2021. Un atacante podría colocar HTML que contenga JavaScript ejecutable dentro de los atributos de los elementos. • https://blog.zimbra.com/2022/02/hotfix-available-5-feb-for-zero-day-exploit-vulnerability-in-zimbra-8-8-15 https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P30 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 6.1EPSS: 0%CPEs: 40EXPL: 0CVE-2021-35207
https://notcve.org/view.php?id=CVE-2021-35207
An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginErrorCode parameter of the login url. Se presenta una vulnerabilidad de redireccionamiento abierto en el servlet /preauth de Zimbra Collaboration Suite versiones hasta 9.0. Para explotar la vulnerabilidad, un atacante necesitaría haber obtenido un token de autenticación válido de Zimbra o un token de preautenticación válido. Una vez obtenido el token, un atacante podría redirigir a un usuario a cualquier URL por medio de isredirect=1&redirectURL= en conjunto con los datos del token (por ejemplo, un valor authtoken= válido) • https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P23 https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P16 https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •