www.securityweek.com 7/13/2026, 10:21:46 AM · external

Zimbra XSS flaw lets attackers take over accounts with zero click

Zimbra XSS flaw lets attackers take over accounts with zero click
Developing story vulnerability 2 articles tracked
Zimbra patches critical stored XSS vulnerability in Classic Web Client
CyberSIXT Evidence Panel
Primary Source blog.zimbra.com

A critical vulnerability has been discovered in Zimbra, a widely-used collaboration tool, that allows for zero-click code execution through specially crafted emails. Zimbra announced patches for this stored cross-site scripting (XSS) flaw affecting its Classic Web Client, which could lead to unauthorized access to user data if exploited. Users are urged to upgrade to version 10.1.19, released on July 7, to mitigate this risk. The vulnerability was identified by Google's Threat Analysis Group, which focuses on threats from state-sponsored and commercial spyware actors.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline