thrunt.me Applied Cybernetics Group

July 27, 2023 · Applied Cybernetics Group

CVE-2023-37580 — Synacor Zimbra Collaboration Suite (ZCS)

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability

Added to KEV
2023-07-27
Federal due date
2023-08-17
Vendor
Synacor
Product
Zimbra Collaboration Suite (ZCS)
EPSS
99.9th percentile (score 0.939, as of 2026-06-08)
NVD CVSS v3.1
Ransomware use
Unknown
Upstream
https://nvd.nist.gov/vuln/detail/CVE-2023-37580

CISA short description

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability impacting the confidentiality and integrity of data.

Required action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

EPSS percentile is the FIRST.org exploit-probability ranking as of the date noted above; it moves daily. CVSS reflects NVD's analysis at time of publication.