CVE-2023-37580

{"id": "CVE-2023-37580", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2023-07-31T16:15:10.327", "references": [{"url": "http://www.openwall.com/lists/oss-security/2023/11/17/2", "tags": ["Mailing List", "Patch"], "source": "cve@mitre.org"}, {"url": "https://wiki.zimbra.com/wiki/Security_Center", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2023/11/17/2", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wiki.zimbra.com/wiki/Security_Center", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy", "tags": ["Not Applicable"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-37580", "tags": ["US Government Resource"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client."}], "lastModified": "2025-10-31T14:43:05.200", "cisaActionDue": "2023-08-17", "cisaExploitAdd": "2023-07-27", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0696BCE7-5351-4B01-9593-BA8BFB2D3A9E", "versionEndExcluding": "8.8.15", "versionStartIncluding": "8.8.0"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7822D273-C2CB-4EFE-B929-3D34C65E005E"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p26:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BC02B35-7FC4-41AB-8D2E-2CD1896D84C6"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EF2EE32D-04A5-46EA-92F0-3C8D74A4B82A"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p30:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50FB0099-0495-4735-9398-7F7E657F459B"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p31:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAE2858A-6D9E-4D79-AFA6-69C44D6D8C75"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p32:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50A296BC-6DA4-41B2-923A-0633566AD6C1"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p33:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C066ED38-1175-48FB-BE05-BE0C19E9EBE7"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p34:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89B3EF32-B474-44DB-AE30-CD308CDC5A77"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p35:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9ECCB00-F3F4-4EB7-9FD0-4CB64678B129"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p37:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "518662DA-C0F3-4875-86D7-5ED2B2496CC8"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p38:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64B28BE5-F35D-4AB0-A321-CEAE21BC26FF"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p40:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D2D6DBD-560A-4F8E-B2CC-67A564C460A3"}, {"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:8.8.15:p5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9A1314A-20C8-42D7-9387-D914999EEAF6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaVulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability"}