Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

Zimbra Collaboration Stored Cross-Site Scripting Vulnerability via CSS @import Directives

Vulnerability

Exploited

Patched

A stored cross-site scripting vulnerability has been identified in Zimbra Collaboration (ZCS) versions 10 prior to 10.0.18 and 10.1 prior to 10.1.13. This vulnerability allows for cross-site scripting attacks in the Classic UI by exploiting Cascading Style Sheets (CSS) @import directives within HTML email messages. The issue arises from insufficient input sanitization, enabling the injection of malicious scripts that are executed when the email is viewed.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user viewing the email.

Remediation

Users can upgrade to Zimbra Collaboration 10.0.18 or 10.1.13, both of which include the necessary patch. Instructions for upgrading Zimbra can be found on the Zimbra website.

Added: Jan 5, 2026, 3:19 PM

Updated: Mar 18, 2026, 5:05 PM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

3.5

exploitability

8.3

remediation

7.7

relevance

1.9

threat

8.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

3.5

exploitability

8.3

remediation

7.7

relevance

1.9

threat

8.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

Zimbra Collaboration Stored Cross-Site Scripting Vulnerability via CSS @import Directives

Vulnerability

Impact

Remediation

Affected Products

Zimbra Collaboration

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating