Actively exploited vulnerability

CVE-2023-37580: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability impacting the confidentiality and integrity of data.

CISA KEV source 27 Jul 2023 added 17 Aug 2023 remediation due

Affected product

Synacor · Zimbra Collaboration Suite (ZCS)

Known ransomware use: Unknown

Required action

Follow the source advisory and validate exposure in your environment.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Related Yasna coverage

Recent reporting that mentions CVE-2023-37580.