A critical vulnerability has been discovered in Zimbra, a widely-used collaboration tool, that allows for zero-click code execution through specially crafted emails. Zimbra announced patches for this stored cross-site scripting (XSS) flaw affecting its Classic Web Client, which could lead to unauthorized access to user data if exploited. Users are urged to upgrade to version 10.1.19, released on July 7, to mitigate this risk. The vulnerability was identified by Google's Threat Analysis Group, which focuses on threats from state-sponsored and commercial spyware actors.
Zimbra XSS flaw lets attackers take over accounts with zero click
CyberSIXT Evidence Panel
Primary Source
blog.zimbra.com
Article by CyberSIXT
Timeline Coverage
Swipe to explore timeline
-
Zimbra XSS flaw lets attackers take over accounts with zero click
www.securityweek.com
-
Zimbra patches critical XSS flaw after Google TAG discovery
cybersixt.com