CVEDB API

Vulnerabilities

Vulnerable Software

Zimbra: >> Collaboration >> 10.0.9 Security Vulnerabilities

CVE-2024-45515

An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata when importing files into the briefcase. Attackers can exploit this issue by crafting a file with manipulated metadata, allowing them to bypass content type checks and execute arbitrary JavaScript within the victim's session.

CVSS Score

6.1

EPSS Score

0.001

Published

2025-07-30

CVE-2025-27914

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a victim's session. Exploitation requires a valid auth token and involves a crafted URL with manipulated query parameters that triggers XSS when accessed by a victim.

CVSS Score

5.4

EPSS Score

0.0

Published

2025-03-12

Page 1

Vulnerabilities

Vulnerable Software

Zimbra: >> Collaboration >> 10.0.9 Security Vulnerabilities

Products

Pricing

Contact Us