Collaboration

This hub aggregates every CVE we track for Collaboration, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Collaboration.

• CVE-2025-66376Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message.KEV7.2Jan 5, 2026
• CVE-2025-67809An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A hardcoded Flickr API key and secret are present in the publicly accessible Flickr Zimlet used by Zimbra Collaboration. Because...4.7Dec 15, 2025
• CVE-2025-62763Zimbra Collaboration (ZCS) before 10.1.12 allows SSRF because of the configuration of the chat proxy.5.0Oct 21, 2025
• CVE-2024-45515An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability exists in Zimbra webmail due to insufficient validation of the content type metadata w...6.1Jul 30, 2025
• CVE-2025-27914An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to...5.4Mar 12, 2025
• CVE-2024-45518An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-...8.8Oct 22, 2024
• CVE-2024-33535An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability involves unauthenticated local file inclusion (LFI) in a web application, specifically impacting the handling o...7.5Aug 12, 2024
• CVE-2024-33533An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0, issue 1 of 2. A reflected cross-site scripting (XSS) vulnerability has been identified in the Zimbra webmail admin interface. Thi...5.4Aug 12, 2024
• CVE-2024-33536An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The vulnerability occurs due to inadequate input validation of the res parameter, allowing an authenticated attacker to inject an...5.4Aug 12, 2024
• CVE-2024-27442An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. The zmmailboxdmgr binary, a component of ZCS, is intended to be executed by the zimbra user with root privileges for specific mai...7.8Aug 12, 2024
• CVE-2024-27443An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0. A Cross-Site Scripting (XSS) vulnerability exists in the CalendarInvite feature of the Zimbra webmail classic user interface, bec...KEV6.1Aug 12, 2024
• CVE-2023-50808Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the Modern UI.6.1Feb 13, 2024
• CVE-2023-45207An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webma...6.1Feb 13, 2024
• CVE-2023-45206An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site s...6.1Feb 13, 2024
• CVE-2023-48432An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link (for a webmail redirection endpoint) withi...6.1Feb 13, 2024