CVE-2025-66376

High KEV CVSS: 7.2

Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message.

Vendor

Synacor

Product

Zimbra Collaboration Suite

CWE

CWE-79

Yayın Tarihi

2026-01-05 15:15:44

Güncelleme

2026-03-18 20:13:37

Source Identifier

cve@mitre.org

KEV Date Added

2026-03-18

Kategoriler

CWE-79 Zimbra Collaboration Suite HIGH Synacor 2026

Referanslar

https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.18#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.13#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-66376

Benzer Kayıtlar

Medium

CVE-2026-33369

Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a F…

Medium

CVE-2026-33370

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability e…

Medium

CVE-2026-33371

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists i…

Medium

CVE-2026-33372

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A cross-site request forgery (CSRF) vulnerability e…

Medium

CVE-2026-33368

Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 contains a reflected cross-site scripting (XSS) vulnerability in the Clas…

High

CVE-2025-68645

A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1…