Security · 2h ago
Critical Zimbra XSS Flaw Lets Emails Execute Code in User Sessions
Zimbra disclosed a stored cross-site scripting vulnerability in its Classic Web Client that allows specially crafted emails to execute malicious scripts in a user's session. The flaw could lead to arbitrary code execution, though no CVE has been assigned yet. Users are urged to apply updates immediately.
Meridian48 take
The lack of a CVE identifier is concerning, but the severity of a stored XSS in an email client warrants immediate patching.
Read the full reporting
Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions →
The Hacker News
zimbraxss-vulnerability