.. / CVE-2023-37580

Exploit for Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting (CVE-2023-37580)

Description:

Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.

Nuclei Template

View the template here CVE-2023-37580.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-37580.yaml
Copy

References:

https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
https://blog.zimbra.com/2023/07/security-update-for-zimbra-collaboration-suite-version-8-8-15/
https://nvd.nist.gov/vuln/detail/CVE-2023-37580
https://github.com/Zimbra/zm-web-client/pull/827
https://wiki.zimbra.com/wiki/Security_Center