Threat Advisories - NVD Disclosed January 5, 2026

CVE-2025-66376

Zimbra Collaboration Cross-Site Scripting Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A cross-site scripting vulnerability in Zimbra Collaboration Suite's Classic UI allows attackers to inject malicious code via specially crafted HTML emails, potentially leading to unauthorized data access and system manipulation. This impacts organizations by creating a risk to data integrity and user privacy. Affected

NVD published: January 5, 2026 • CISA KEV