Back to KEVs

CVE-2023-34192

Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to...

Basic Information

CVE State
PUBLISHED
Reserved Date
May 30, 2023
Published Date
July 06, 2023
Last Updated
February 25, 2025
Vendor
n/a
Product
n/a
Description
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.

CVSS Scores

SSVC Information

Exploitation
active
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2025-02-25 00:00:00 UTC) Source

References

https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy

Known Exploited Vulnerability Information

Source Added Date
CISA 2025-02-25 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-34192.yaml 2025-04-26 00:00:00 UTC