AI description
CVE-2023-34192 is a cross-site scripting (XSS) vulnerability found in Synacor Zimbra Collaboration Suite (ZCS). It allows a remote, authenticated attacker to execute arbitrary code by sending a specially crafted script to the `/h/autoSaveDraft` function. This vulnerability affects ZCS version 8.8.15. The vulnerability was patched in July 2023 with the release of version 8.8.15 Patch 40. The fix involves sanitizing user input to prevent malicious script execution. Administrators were also provided with instructions to manually patch the vulnerability by editing a specific data file. While there are no public reports of exploitation as of today (February 26, 2025), CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation. Federal Civilian Executive Branch agencies are required to patch this vulnerability by March 18, 2025.
- Description: Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.
- Source: cve@mitre.org
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 9
- Impact score: 6
- Exploitability score: 2.3
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
- Severity: CRITICAL
Data from CISA
- Vulnerability name: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability
- Exploit added on: Feb 25, 2025
- Exploit action due: Mar 18, 2025
- Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/fsiCPwS00I…)
@nathy_hackers
1 Apr 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Actively exploited CVE : CVE-2024-49035, CVE-2023-34192
@transilienceai
9 Mar 2025
73 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🔎 VulnWatch Friday: CVE-2023-34192 🔓 @CISAgov has added a critical @Zimbra XSS vulnerability allowing remote code execution via crafted script to its KEV catalog. 🔧 Fix: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services. htt
@kpoireault
7 Mar 2025
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2023-34192 #Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability https://t.co/PRQR26SrLx
@ScyScan
26 Feb 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔐 CISA has just added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog—both actively exploited. Hook: Microsoft Partner Center’s CVE-2024-49035 and Synacor ZCS’s CVE-2023-34192 are putting organizations at risk. Read the full article:… https://
@TheHackersNews
26 Feb 2025
34078 Impressions
31 Retweets
89 Likes
11 Bookmarks
1 Reply
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BA48C450-201C-4398-AB65-EF6F95FB0380"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F759114-CF2D-48BF-8D09-EBE8D1ED1949"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p12:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C43634F5-2946-44D2-8A50-B717374A8126"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p13:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20315895-5410-4B88-B2D9-E9C5D79A64DF"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p14:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BF405091-A832-4945-87EC-AA525F37DF91"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p15:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9B6FFA8-CFD2-47C6-9475-79210CB9AA84"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p16:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "964CA714-937C-4FC0-A1E9-07F846C786BD"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p17:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DAF8F155-1406-46ED-A81F-BCC4CE525F43"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p18:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "56A8F56B-3457-4C19-B213-3B04FEE8D7A5"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p19:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B4F8D255-3F91-45FF-9133-4023BA688F9E"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37BC4DF5-D111-4295-94FC-AA8929CDF2A1"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p20:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A9D50108-0404-4791-8057-DB1786D311C8"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p21:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F2A7E53F-8EAC-4DA9-8EAE-117759EFABEF"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p22:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "858727DB-AE6F-435D-B8FD-6C94C3400E40"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p23:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3FA6AC95-288C-4ABA-B2A7-47E4134EDC31"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p24:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4AA82728-5901-482A-83CF-F883D4B6A8E5"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p25:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7E762792-542E-43D0-A95A-E7F48F328A28"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6DD4641A-EC23-4B1A-8729-9AECD70390AF"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p27:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E0E3E825-1D1E-4ECD-B306-DD8BDCDD0547"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p28:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "840F98DC-57F1-4054-A6C1-6E7F0340AC2C"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p29:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EE2A1305-68B7-4CB7-837F-4EDE2EBED507"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "21768A61-7578-4EEC-A23B-FEC10CAA9EDF"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA758408-4302-43BC-BDC9-1B70EC5D2FED"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "822CDEBC-0650-4970-B46F-06F505993086"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "971B5005-4676-4D93-A7DD-6AFDC8D0BEEB"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81BC6A7F-D014-44B3-9361-20DB256D3C8D"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6A3DC694-4CCC-4E9F-B6E9-891B1DF115C8"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p35:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3810385E-95E8-491E-8281-394125DB04F4"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p37:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C08B5A0A-2935-4FEB-9133-4B35E1AB0CDB"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "661403E7-1D65-4710-8413-47D74FF65BE4"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0695D2E0-45B3-493C-BA6D-471B90C0ACC5"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "714FAFE6-68AE-4304-B040-48BC46F85A2D"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "73FC2D2D-8BBD-4259-8B35-0D9BFA40567B"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AB97E9E6-CC4A-458D-B731-6D51130B942C"
},
{
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p9:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BA688C43-846A-4C4A-AEDB-113D967D3D73"
}
],
"operator": "OR"
}
]
}
]