Zimbra Collaboration vulnerabilities
43 known vulnerabilities affecting zimbra/collaboration.
Total CVEs
43
CISA KEV
2
actively exploited
Public exploits
2
Exploited in wild
2
Severity breakdown
CRITICAL4HIGH10MEDIUM29
Vulnerabilities
Page 3 of 3
CVE-2022-41350P4MEDIUMCVSS 6.1v8.8.152022-10-12
CVE-2022-41350 [MEDIUM] CWE-79 CVE-2022-41350: In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone
In Zimbra Collaboration Suite (ZCS) 8.8.15, /h/search?action=voicemail&action=listen accepts a phone parameter that is vulnerable to Reflected XSS. This allows executing arbitrary JavaScript on the victim's machine.
nvd
CVE-2025-27914P4MEDIUMCVSS 5.4≥ 10.0.0, < 10.0.11v9.0.0+1 more2025-03-12
CVE-2025-27914 [MEDIUM] CWE-79 CVE-2025-27914: An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth token and involves a crafted URL with manipulated query p
nvd
CVE-2022-41348P4MEDIUMCVSS 6.1v9.0.02022-10-12
CVE-2022-41348 [MEDIUM] CWE-79 CVE-2022-41348: An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via the onerror attribute o
An issue was discovered in Zimbra Collaboration (ZCS) 9.0. XSS can occur via the onerror attribute of an IMG element, leading to information disclosure.
nvd
← Previous3 / 3