CVE-2023-37580

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jul 31, 2023

Updated: Dec 22, 2023

CWE ID 79

Summary

CVE-2023-37580: A critical vulnerability affects Zimbra Collaboration (ZCS) versions prior to 8.8.15 Patch 41. This issue permits Cross-Site Scripting (XSS) attacks in the Zimbra Classic Web Client. An attacker can inject malicious scripts into a victim's web session, potentially stealing sensitive information or taking control of the account. It is highly recommended that users update their ZCS installations to the latest patched version as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Zimbra Collaboration Suite

Affected Vendors

Zimbra

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rpqEFz
https://www.cve.org/CVERecord?id=CVE-2023-37580
https://nvd.nist.gov/vuln/detail/CVE-2023-37580

Back to Vulnerability Database