CVE-2023-37580

MEDIUMNVD 6.19.0▲Trending — 4 sources updated this weekExploited in the wild

6.1

Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.

CVSS v3: 6.1
EG Score: 9.0(high)
EPSS: 99.0%
KEV: ⚠ Exploited

Published

July 31, 2023

Last Modified

October 31, 2025

Advisory Details (4)

Auto-updated Jun 13, 2026

⚠️ Active exploitation confirmed. Patch available. Sources: cisa.

cisa Patch Available🔴 Active Exploitation

Known Exploited Vulnerabilities Catalog | CISA

Known Exploited Vulnerabilities Catalog | CISA. Listed in CISA Known Exploited Vulnerabilities catalog.

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-37580

generic

Zimbra Responsible Disclosure Policy - Zimbra :: Tech Center

https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy

generic🔴 Active Exploitation

Security Center - Zimbra :: Tech Center

https://wiki.zimbra.com/wiki/Security_Center

generic🔴 Active Exploitation

oss-security - CVE-2023-37580 (and others): XSS vulnerabilities in Zimbra Collaboration Suite

http://www.openwall.com/lists/oss-security/2023/11/17/2

Weakness Classification(1)

MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.

CWE-79Cross-site Scripting (XSS)

Data Freshness Timeline

(refreshed 102× in last 7d / 334× in last 30d)

Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.

Showing the most recent 100 of 338 total refreshes for this CVE.

2026-06-24 08:34 UTCEG score recompute
2026-06-24 08:33 UTCGHSA enrichment
2026-06-24 04:44 UTCEG score recompute
2026-06-24 04:43 UTCGHSA enrichment
2026-06-24 00:53 UTCEG score recompute
2026-06-24 00:53 UTCGHSA enrichment
2026-06-23 21:31 UTCEPSS rescore
2026-06-23 21:31 UTCEPSS rescore
2026-06-23 21:04 UTCEG score recompute
2026-06-23 21:03 UTCGHSA enrichment
2026-06-23 17:44 UTCCISA KEV update
2026-06-23 17:11 UTCEG score recompute
2026-06-23 17:10 UTCGHSA enrichment
2026-06-23 13:21 UTCEG score recompute
2026-06-23 13:20 UTCGHSA enrichment
2026-06-23 09:30 UTCEG score recompute
2026-06-23 09:29 UTCGHSA enrichment
2026-06-23 05:40 UTCEG score recompute
2026-06-23 05:39 UTCGHSA enrichment
2026-06-23 01:50 UTCEG score recompute
2026-06-23 01:50 UTCGHSA enrichment
2026-06-22 22:00 UTCEG score recompute
2026-06-22 22:00 UTCGHSA enrichment
2026-06-22 18:11 UTCEG score recompute
2026-06-22 18:10 UTCGHSA enrichment

Show 75 more

2026-06-22 14:24 UTCEPSS rescore
2026-06-22 14:24 UTCEPSS rescore
2026-06-22 14:21 UTCEG score recompute
2026-06-22 14:21 UTCGHSA enrichment
2026-06-22 10:31 UTCEG score recompute
2026-06-22 10:31 UTCGHSA enrichment
2026-06-22 06:42 UTCEG score recompute
2026-06-22 06:42 UTCGHSA enrichment
2026-06-22 02:52 UTCEG score recompute
2026-06-22 02:52 UTCGHSA enrichment
2026-06-21 23:01 UTCEG score recompute
2026-06-21 23:01 UTCGHSA enrichment
2026-06-21 19:11 UTCEG score recompute
2026-06-21 19:11 UTCGHSA enrichment
2026-06-21 15:21 UTCEG score recompute
2026-06-21 15:20 UTCGHSA enrichment
2026-06-21 14:55 UTCEPSS rescore
2026-06-21 14:55 UTCEPSS rescore
2026-06-21 11:30 UTCEG score recompute
2026-06-21 11:30 UTCGHSA enrichment
2026-06-21 07:40 UTCEG score recompute
2026-06-21 07:40 UTCGHSA enrichment
2026-06-21 03:51 UTCEG score recompute
2026-06-21 03:50 UTCGHSA enrichment
2026-06-21 01:58 UTCEPSS rescore
2026-06-21 01:58 UTCEPSS rescore
2026-06-20 23:59 UTCEG score recompute
2026-06-20 23:59 UTCGHSA enrichment
2026-06-20 20:09 UTCEG score recompute
2026-06-20 20:08 UTCGHSA enrichment
2026-06-20 16:19 UTCEG score recompute
2026-06-20 16:18 UTCGHSA enrichment
2026-06-20 12:27 UTCEG score recompute
2026-06-20 12:26 UTCGHSA enrichment
2026-06-20 08:36 UTCEG score recompute
2026-06-20 08:36 UTCGHSA enrichment
2026-06-20 04:47 UTCEG score recompute
2026-06-20 04:46 UTCGHSA enrichment
2026-06-20 00:57 UTCEG score recompute
2026-06-20 00:57 UTCGHSA enrichment
2026-06-19 21:06 UTCEG score recompute
2026-06-19 21:05 UTCGHSA enrichment
2026-06-19 17:15 UTCEG score recompute
2026-06-19 17:15 UTCGHSA enrichment
2026-06-19 13:23 UTCEG score recompute
2026-06-19 13:23 UTCGHSA enrichment
2026-06-19 09:33 UTCEG score recompute
2026-06-19 09:33 UTCGHSA enrichment
2026-06-19 05:44 UTCEG score recompute
2026-06-19 05:43 UTCGHSA enrichment
2026-06-19 01:53 UTCEG score recompute
2026-06-19 01:53 UTCGHSA enrichment
2026-06-18 22:02 UTCEG score recompute
2026-06-18 22:02 UTCGHSA enrichment
2026-06-18 18:11 UTCEG score recompute
2026-06-18 18:11 UTCGHSA enrichment
2026-06-18 17:51 UTCEPSS rescore
2026-06-18 17:51 UTCEPSS rescore
2026-06-18 16:13 UTCCISA KEV update
2026-06-18 14:21 UTCEG score recompute
2026-06-18 14:21 UTCGHSA enrichment
2026-06-18 10:30 UTCEG score recompute
2026-06-18 10:29 UTCGHSA enrichment
2026-06-18 06:39 UTCEG score recompute
2026-06-18 06:39 UTCGHSA enrichment
2026-06-18 02:49 UTCEG score recompute
2026-06-18 02:48 UTCGHSA enrichment
2026-06-17 22:59 UTCEG score recompute
2026-06-17 22:59 UTCGHSA enrichment
2026-06-17 19:10 UTCEG score recompute
2026-06-17 19:10 UTCGHSA enrichment
2026-06-17 17:51 UTCEPSS rescore
2026-06-17 17:51 UTCEPSS rescore
2026-06-17 15:21 UTCEG score recompute
2026-06-17 15:21 UTCGHSA enrichment

Publicly available exploits

(1 reference)

Working exploit code is in the public domain. Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.

Nucleihttp/cves/2023/CVE-2023-37580.yaml
First seen Jan 1, 2023
Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting
Open source ↗

Frequently asked(6)

What is CVE-2023-37580?

CVE-2023-37580 is a medium vulnerability published on July 31, 2023. Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.

When was CVE-2023-37580 disclosed?

CVE-2023-37580 was first published in the National Vulnerability Database on July 31, 2023, with the most recent update on October 31, 2025. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2023-37580 actively exploited?

Yes. CISA added CVE-2023-37580 to the Known Exploited Vulnerabilities catalog on July 27, 2023, affecting Synacor Zimbra Collaboration Suite (ZCS). KEV listing indicates confirmed exploitation in the wild; this CVE warrants immediate patching attention.

What is the CVSS score of CVE-2023-37580?

CVE-2023-37580 has a CVSS v3 base score of 6.1 (NVD). EchelonGraph synthesises NVD + CISA KEV + FIRST EPSS + GHSA into a combined EG score of 9.0.

Which products are affected by CVE-2023-37580?

CVE-2023-37580 affects Synacor Zimbra Collaboration Suite (ZCS). The full affected-products list, including version ranges and fixed versions, is shown in the Affected Packages section of this page.

How do I remediate CVE-2023-37580?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2023-37580, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

Explore the affected products and dependency analysis for CVE-2023-37580

Explore →

Is Your Infrastructure Affected by CVE-2023-37580?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2023-37580

📅 Published

🔄 Last Modified

📋 Advisory Details (4)