CVE-2023-37580

Name of the Vulnerable Software and Affected Versions Zimbra Collaboration (ZCS) versions 8.0.0 through 8.8.15 Patch 40 Zimbra Collaboration (ZCS) versions prior to 8.8.15 Patch 41

Description The issue is related to a Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic Web Client. This vulnerability may allow a remote attacker to conduct inter-site scripting attacks. There have been real-world incidents where this issue was exploited, including a zero-day attack targeting a government organization in Greece.

Recommendations For Zimbra Collaboration (ZCS) versions 8.0.0 through 8.8.15 Patch 40, update to version 8.8.15 Patch 41 or later to resolve the issue. For Zimbra Collaboration (ZCS) versions prior to 8.8.15 Patch 41, update to version 8.8.15 Patch 41 or later to resolve the issue. As a temporary workaround, consider disabling the Zimbra Classic Web Client until a patch is available. Restrict access to the Zimbra Classic Web Client to minimize the risk of exploitation.