First published: Thu Jul 27 2023(Updated: )
Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zimbra Collaboration email server | =8.8.15 Patch 41 | |
Zimbra Zimbra | >=8.8.0<8.8.15 | |
Zimbra Zimbra | =8.8.15-p11 | |
Zimbra Zimbra | =8.8.15-p26 | |
Zimbra Zimbra | =8.8.15-p3 | |
Zimbra Zimbra | =8.8.15-p30 | |
Zimbra Zimbra | =8.8.15-p31 | |
Zimbra Zimbra | =8.8.15-p32 | |
Zimbra Zimbra | =8.8.15-p33 | |
Zimbra Zimbra | =8.8.15-p34 | |
Zimbra Zimbra | =8.8.15-p35 | |
Zimbra Zimbra | =8.8.15-p37 | |
Zimbra Zimbra | =8.8.15-p38 | |
Zimbra Zimbra | =8.8.15-p40 | |
Zimbra Zimbra | =8.8.15-p5 | |
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-37580 is a cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) that impacts the confidentiality and integrity of data.
CVE-2023-37580 affects Zimbra Collaboration versions 8.8.15-p3 to 8.8.15-p40.
CVE-2023-37580 has a severity rating of 6.1 (medium).
To fix CVE-2023-37580, it is recommended to upgrade Zimbra Collaboration to a patched version provided by Zimbra.
You can find more information about CVE-2023-37580 on the Zimbra Security Center and Zimbra Responsible Disclosure Policy pages.