securityaffairs.com 7/10/2026, 9:31:41 PM · external

Zimbra patches critical XSS flaw after Google TAG discovery

Zimbra patches critical XSS flaw after Google TAG discovery
CyberSIXT Evidence Panel
Primary Source blog.zimbra.com

ZIMBRA has released version 10.1.19 to address a critical stored XSS vulnerability in its Classic Web Client, which allows malicious emails to execute harmful code when opened. This vulnerability can lead to unauthorized access to mailbox information, session data, and account settings. Although there is currently no evidence of exploitation, organizations are urged to update promptly to mitigate risks. The issue was discovered by Google’s Threat Analysis Group. The U.S.

Cybersecurity and Infrastructure Security Agency (CISA) has noted several Zimbra vulnerabilities in its Known Exploited Vulnerabilities catalog, some of which have been exploited by APT groups in targeted attacks.

View Primary Source Via securityaffairs.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline