THREATOPS
THREAT OPSCVEs › CVE-2025-66376

CVE-2025-66376 — Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability

CISA KEVExploited: confirmedSynacor

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CSS) @import directives in email HTML.

Vulnerability details

Related reporting