What is CVE-2023-37580?

CVE-2023-37580 is a cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) that impacts the confidentiality and integrity of data.

Which Zimbra Collaboration versions are affected by CVE-2023-37580?

CVE-2023-37580 affects Zimbra Collaboration versions 8.8.15-p3 to 8.8.15-p40.

How severe is CVE-2023-37580?

CVE-2023-37580 has a severity rating of 6.1 (medium).

How can I fix CVE-2023-37580?

To fix CVE-2023-37580, it is recommended to upgrade Zimbra Collaboration to a patched version provided by Zimbra.

Where can I find more information about CVE-2023-37580?

You can find more information about CVE-2023-37580 on the Zimbra Security Center and Zimbra Responsible Disclosure Policy pages.

Vulnerability/
CVE-2023-37580

Exploited

medium

6.1

CWE

27/7/2023

31/7/2023

25/2/2025

CVE-2023-37580: Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability

First published: Thu Jul 27 2023(Updated: )

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability impacting the confidentiality and integrity of data.

Credit: cve@mitre.org cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Zimbra Collaboration Suite	=8.8.15 Patch 41
Zimbra	=8.8.15-p3
Zimbra	=8.8.15-p5
Zimbra	=8.8.15-p11
Zimbra	=8.8.15-p26
Zimbra	=8.8.15-p30
Zimbra	=8.8.15-p31
Zimbra	=8.8.15-p32
Zimbra	=8.8.15-p33
Zimbra	=8.8.15-p34
Zimbra	>=8.8.0<8.8.15
Zimbra	=8.8.15-p35
Zimbra	=8.8.15-p37
Zimbra	=8.8.15-p38
Zimbra	=8.8.15-p40
Zimbra Collaboration Suite
Zimbra Collaboration Suite	>=8.8.0<8.8.15
Zimbra Collaboration Suite	=8.8.15-p11
Zimbra Collaboration Suite	=8.8.15-p26
Zimbra Collaboration Suite	=8.8.15-p3
Zimbra Collaboration Suite	=8.8.15-p30
Zimbra Collaboration Suite	=8.8.15-p31
Zimbra Collaboration Suite	=8.8.15-p32
Zimbra Collaboration Suite	=8.8.15-p33
Zimbra Collaboration Suite	=8.8.15-p34
Zimbra Collaboration Suite	=8.8.15-p35
Zimbra Collaboration Suite	=8.8.15-p37
Zimbra Collaboration Suite	=8.8.15-p38
Zimbra Collaboration Suite	=8.8.15-p40
Zimbra Collaboration Suite	=8.8.15-p5

Remedy

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Remedy

http://www.openwall.com/lists/oss-security/2023/11/17/2

Never miss a vulnerability like this again

Reference Links

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is CVE-2023-37580?
CVE-2023-37580 is a cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) that impacts the confidentiality and integrity of data.
Which Zimbra Collaboration versions are affected by CVE-2023-37580?
CVE-2023-37580 affects Zimbra Collaboration versions 8.8.15-p3 to 8.8.15-p40.
How severe is CVE-2023-37580?
CVE-2023-37580 has a severity rating of 6.1 (medium).
How can I fix CVE-2023-37580?
To fix CVE-2023-37580, it is recommended to upgrade Zimbra Collaboration to a patched version provided by Zimbra.
Where can I find more information about CVE-2023-37580?
You can find more information about CVE-2023-37580 on the Zimbra Security Center and Zimbra Responsible Disclosure Policy pages.

collector/oss-sec
alias/CVE-2023-37580
agent/type
agent/first-publish-date
agent/remedy
agent/title
agent/severity
agent/weakness
agent/references
agent/author
agent/trending
agent/source
collector/mitre-cve
source/MITRE
zeroday/true
agent/software-canonical-lookup-request
collector/nvd-latest
collector/nvd-index
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/description
agent/event
collector/cisa-known-exploited
source/CISA
exploited/true
agent/software-canonical-lookup
collector/nvd-api
source/NVD
collector/nvd-cve
vendor/zimbra
canonical/zimbra collaboration suite
version/zimbra collaboration suite/8.8.15 patch 41
canonical/zimbra
version/zimbra/8.8.15-p3
version/zimbra/8.8.15-p5
version/zimbra/8.8.15-p11
version/zimbra/8.8.15-p26
version/zimbra/8.8.15-p30
version/zimbra/8.8.15-p31
version/zimbra/8.8.15-p32
version/zimbra/8.8.15-p33
version/zimbra/8.8.15-p34
version/zimbra/8.8.0
version/zimbra/8.8.15-p35
version/zimbra/8.8.15-p37
version/zimbra/8.8.15-p38
version/zimbra/8.8.15-p40
vendor/synacor
version/zimbra collaboration suite/8.8.0
version/zimbra collaboration suite/8.8.15-p11
version/zimbra collaboration suite/8.8.15-p26
version/zimbra collaboration suite/8.8.15-p3
version/zimbra collaboration suite/8.8.15-p30
version/zimbra collaboration suite/8.8.15-p31
version/zimbra collaboration suite/8.8.15-p32
version/zimbra collaboration suite/8.8.15-p33
version/zimbra collaboration suite/8.8.15-p34
version/zimbra collaboration suite/8.8.15-p35
version/zimbra collaboration suite/8.8.15-p37
version/zimbra collaboration suite/8.8.15-p38
version/zimbra collaboration suite/8.8.15-p40
version/zimbra collaboration suite/8.8.15-p5

CVE-2023-37580: Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Peer vulnerabilities

Frequently Asked Questions

What is CVE-2023-37580?

Which Zimbra Collaboration versions are affected by CVE-2023-37580?

How severe is CVE-2023-37580?

How can I fix CVE-2023-37580?

Where can I find more information about CVE-2023-37580?

Company

Resources

Contact