Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that could allow attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information.

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weakness Classification

CWE-79

References

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories
https://nvd.nist.gov/vuln/detail/CVE-2025-48700

Cybersecurity Alerts

CVE-2025-48700

Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability

Required Action

Weakness Classification

References