Zimbra announced a patch for a critical stored XSS vulnerability affecting its Classic Web Client. Attackers could exploit this flaw to execute malicious code via specially crafted emails, leading to potential data theft. Customers using the Classic Web Client are urged to upgrade to version 10.1.19 to secure their systems.
The Zimbra security team has identified a critical vulnerability affecting the Classic Web Client of the Zimbra Collaboration suite. This vulnerability allows attackers to execute stored cross-site scripting (XSS) attacks via specially crafted emails.
In response to the threat, Zimbra released version 10.1.19 on Tuesday, which addresses the XSS flaw. The vulnerability has not yet received a CVE ID, making tracking its status more challenging for users and security professionals.
If exploited, the vulnerability could allow attackers to access session data, account settings, and mailbox information. Threat actors may launch attacks specifically targeting users of the Classic Web Client, which continues to be widely used despite the availability of a modern client.
Zimbra's Classic Web Client is utilized by millions, including businesses and government agencies, making it an attractive target for cybercriminals. Russian state-sponsored hacking groups, such as the Winter Vivern group and APT29, have previously exploited vulnerabilities in Zimbra systems, underscoring the urgency of this patch.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
Zimbra announced a patch for a critical stored XSS vulnerability affecting its Classic Web Client. Attackers could exploit this flaw to execute malicious code via specially crafted emails, leading to potential data theft. Customers using the Classic Web Client are urged to upgrade to version 10.1.19 to secure their systems.