Vulnerability detail

Enriched intelligence for a single CVE

9.0

CVSS
Critical

CVE-2023-34192

PUBLISHED

Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to...

Exploited in the wild Remote Low complexity

Vendor: Zimbra
Product: Zimbra Collaboration Suite
Published: Jul 06, 2023
EPSS: —

Description

Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.

cisa nuclei_scanner nessus_scanner

CVSS scores

CVSS v3.1 9.0 Critical

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2025-02-25 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: No
Technical impact: total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Feb 25, 2025

Scanner integrations

Scanner	Reference	Detected
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-34192.yaml	Apr 25, 2025
Nessus	https://www.tenable.com/plugins/nessus/178617	Jul 20, 2023

Timeline

CVE ID Reserved

May 30, 2023
CVE Published to Public

July 06, 2023
Detected by Nessus

July 20, 2023
Added to KEVIntel

February 25, 2025
Detected by Nuclei

April 25, 2025