Zimbra 9.0.0
Approved changes feed: RSS · Atom
cpe:2.3:a:zimbra:zimbra:9.0.0:*:*:*:*:*:*:*
part: a version: 9.0.0 update: *
| Vendor | Zimbra (2c2042e1-5f4a-5590-841f-bd7953d2bb5f) |
|---|---|
| Product | Zimbra (8db03b28-f061-5022-85f8-50ba699a6a4a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/zimbra/zm-build |
purl2cpe | 2026-06-01 10:12:36.168597 |
pkg:sourceforge/zimbra |
purl2cpe | 2026-06-01 10:12:36.168599 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-38750 |
vulnerable | 2026-06-08 06:08:18.821613 |
Details available
In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed.
Published: 2023-07-31T00:00:00.000Z
Updated: 2024-10-22T17:42:37.528Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-11737 |
vulnerable | 2026-06-08 05:17:54.245785 |
Details available
A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring (including the quotes) followed immediately by a DOM event listener such as onmouseover. This is fixed in 9.0.0 Patch 2.
Published: 2020-05-05T14:08:15.000Z
Updated: 2024-08-04T11:41:58.246Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.