CVE Catalog

Actively exploited in the wild

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability

Synacor — Zimbra Collaboration Suite (ZCS) · Listed in the CISA KEV since 2023-07-27. This indicates confirmed attacks in production environments.

Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

CVE-2023-37580

Medium · CVSS 6.1 · KEV

Exploitation Probability (EPSS)

Very high risk
59.04%

99th percentile — higher than 99% of all known CVEs

Summary

Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.

Risk Assessment

An attacker can exploit this vulnerability to inject malicious scripts, potentially leading to user data theft or session hijacking.

Recommendation

It is recommended to update Zimbra to version 8.8.15 Patch 41 or later to mitigate this vulnerability.

Original NVD description (English source)

Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS