vulnerability

Zimbra Collaboration: CVE-2024-38356: Collaboration: Cross-site Scripting

Severity	CVSS	Published	Added	Modified
6	(AV:N/AC:M/Au:N/C:P/I:P/A:N)	Jun 19, 2024	Jan 20, 2025	Feb 6, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:P/A:N)

Published

Jun 19, 2024

Added

Jan 20, 2025

Modified

Feb 6, 2026

Description

A Cross-Site Scripting (XSS) vulnerability in TinyMCE was addressed in the upgrade from version 7.1.1 to 7.2.0

zimbra-collaboration-upgrade-latest

NEW

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.