cpe:2.3:a:zimbra:zimbra:9.0.0:*:*:*:*:*:*:*

part: a version: 9.0.0 update: *

Vendor: Zimbra (2c2042e1-5f4a-5590-841f-bd7953d2bb5f)
Product: Zimbra (8db03b28-f061-5022-85f8-50ba699a6a4a)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from NVD CPE 2.0 feed

PURL mappings

PURL | Source | Last updated
pkg:github/zimbra/zm-build | purl2cpe | 2026-06-01 10:12:36.168597
pkg:sourceforge/zimbra | purl2cpe | 2026-06-01 10:12:36.168599

Vulnerability references

Identifier: CVE:CVE-2023-38750
cpeApplicability: vulnerable
Submitted: 2026-06-08 06:08:18.821613
db.gcve.eu details: In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed.
Published: 2023-07-31T00:00:00.000Z
Updated: 2024-10-22T17:42:37.528Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2020-11737
cpeApplicability: vulnerable
Submitted: 2026-06-08 05:17:54.245785
db.gcve.eu details: A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 allows a remote attacker to craft links in an E-Mail message or calendar invite to execute arbitrary JavaScript. The attack requires an A element containing an href attribute with a "www" substring (including the quotes) followed immediately by a DOM event listener such as onmouseover. This is fixed in 9.0.0 Patch 2.
Published: 2020-05-05T14:08:15.000Z
Updated: 2024-08-04T11:41:58.246Z
Rationale: Imported from gcve-enriched-dumps CVE data
