CVE-2023-34192

🗓️ 06 Jul 2023 00:00:00Reported by mitreType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 203 Views🌐 WEB

CVE-2023-34192 Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows remote authenticated attacker to execute arbitrary code

Reporter	Title	Published	Views	Family All 17
ATTACKERKB	CVE-2023-34192	6 Jul 202300:00	–	attackerkb
Circl	CVE-2023-34192	6 Jul 202320:20	–	circl
CISA KEV Catalog	Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability	25 Feb 202500:00	–	cisa_kev
CISA	CISA Adds Two Known Exploited Vulnerabilities to Catalog	25 Feb 202512:00	–	cisa
CNNVD	Synacor Zimbra Collaboration Server 跨站脚本漏洞	6 Jul 202300:00	–	cnnvd
Cvelist	CVE-2023-34192	6 Jul 202300:00	–	cvelist
Nuclei	Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting	3 Jun 202606:04	–	nuclei
NVD	CVE-2023-34192	6 Jul 202316:15	–	nvd
OSV	CVE-2023-34192	6 Jul 202316:15	–	osv
Prion	Cross site scripting	6 Jul 202316:15	–	prion

NVD

Node

synacor zimbra_collaboration_suiteMatch8.8.15-

synacor zimbra_collaboration_suiteMatch8.8.15p1

synacor zimbra_collaboration_suiteMatch8.8.15p10

synacor zimbra_collaboration_suiteMatch8.8.15p11

synacor zimbra_collaboration_suiteMatch8.8.15p12

synacor zimbra_collaboration_suiteMatch8.8.15p13

synacor zimbra_collaboration_suiteMatch8.8.15p14

synacor zimbra_collaboration_suiteMatch8.8.15p15

synacor zimbra_collaboration_suiteMatch8.8.15p16

synacor zimbra_collaboration_suiteMatch8.8.15p17

synacor zimbra_collaboration_suiteMatch8.8.15p18

synacor zimbra_collaboration_suiteMatch8.8.15p19

synacor zimbra_collaboration_suiteMatch8.8.15p2

synacor zimbra_collaboration_suiteMatch8.8.15p20

synacor zimbra_collaboration_suiteMatch8.8.15p21

synacor zimbra_collaboration_suiteMatch8.8.15p22

synacor zimbra_collaboration_suiteMatch8.8.15p23

synacor zimbra_collaboration_suiteMatch8.8.15p24

synacor zimbra_collaboration_suiteMatch8.8.15p25

synacor zimbra_collaboration_suiteMatch8.8.15p26

synacor zimbra_collaboration_suiteMatch8.8.15p27

synacor zimbra_collaboration_suiteMatch8.8.15p28

synacor zimbra_collaboration_suiteMatch8.8.15p29

synacor zimbra_collaboration_suiteMatch8.8.15p3

synacor zimbra_collaboration_suiteMatch8.8.15p30

synacor zimbra_collaboration_suiteMatch8.8.15p31

synacor zimbra_collaboration_suiteMatch8.8.15p31.1

synacor zimbra_collaboration_suiteMatch8.8.15p32

synacor zimbra_collaboration_suiteMatch8.8.15p33

synacor zimbra_collaboration_suiteMatch8.8.15p34

synacor zimbra_collaboration_suiteMatch8.8.15p35

synacor zimbra_collaboration_suiteMatch8.8.15p36

synacor zimbra_collaboration_suiteMatch8.8.15p37

synacor zimbra_collaboration_suiteMatch8.8.15p38

synacor zimbra_collaboration_suiteMatch8.8.15p39

synacor zimbra_collaboration_suiteMatch8.8.15p4

synacor zimbra_collaboration_suiteMatch8.8.15p5

synacor zimbra_collaboration_suiteMatch8.8.15p6

synacor zimbra_collaboration_suiteMatch8.8.15p7

synacor zimbra_collaboration_suiteMatch8.8.15p8

synacor zimbra_collaboration_suiteMatch8.8.15p9

Source	Link
wiki	www.wiki.zimbra.com/wiki/Security_Center
wiki	www.wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy
wiki	www.wiki.zimbra.com/wiki/Zimbra_Security_Advisories
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

Parameter	Position	Path	Description	CWE
script	request body	/h/autoSaveDraft	Cross Site Scripting in Zimbra ZCS v.8.8.15 via crafted script to the /h/autoSaveDraft function	CWE-79

27 Oct 2025 14:45Current

8.6High risk

Vulners AI Score8.6

CVSS 3.19

EPSS0.90009

SSVC