CVE-2025-66376

⚠ KEVEPSS 10.9%

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability

Added to CISA KEV: 3/18/2026

Description

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CSS) @import directives in email HTML.

Affected packages (0)

No package mapping in OSV.