CVE-2025-66376
HIGH KEVZimbra Collaboration <10.0.18, <10.1.13 - XSS
Title source: llmDescription
Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message.
References (5)
Scores
CVSS v3
7.2
EPSS
0.0005
EPSS Percentile
14.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Exploitation Intel
CISA KEV
2026-03-18
VulnCheck KEV
2026-03-17
Classification
CWE
CWE-79
Status
published
Affected Products (2)
Zimbra/Collaboration
< 10.0.18
Zimbra/Collaboration
< 10.1.13
Timeline
Published
Jan 05, 2026
KEV Added
Mar 18, 2026
Tracked Since
Feb 18, 2026