CVE-2025-66376: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability. Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CSS) @import directives in email HTML.

• CISA KEV-listed (remediation due 2026-04-01)
• EPSS 10.9% (93.6% percentile)

Browse the CVE database

Read the full analysis on IntelFusions