Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message.
{
"cna_assigner": "mitre",
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/66xxx/CVE-2025-66376.json",
"cwe_ids": [
"CWE-79"
],
"unresolved_ranges": [
{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "10.0"
},
{
"fixed": "10.0.18"
},
{
"introduced": "10.1"
},
{
"fixed": "10.1.13"
}
]
},
{
"source": "CPE_FIELD",
"extracted_events": [
{
"introduced": "10.0"
},
{
"fixed": "10.0.18"
},
{
"introduced": "10.1"
},
{
"fixed": "10.1.13"
}
]
},
{
"source": "DESCRIPTION",
"extracted_events": [
{
"introduced": "10"
},
{
"fixed": "10.0.18"
},
{
"introduced": "10.1"
},
{
"fixed": "10.1.13"
}
]
}
]
}