SECURITYTHE HACKER NEWS
Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions
Zimbra is urging customers to apply updates to address a critical security vulnerability in the Classic Web Client that could allow arbitrary code execution via stored cross-site scripting (XSS). The flaw could enable malicious scripts to run in user sessions through specially crafted emails and has not yet been assigned a CVE identifier.
Mentioned
Related Signal
Adjacent reporting
- Exploited Exchange Server flaw turns OWA inboxes into script launchpads
- Microsoft warns of Exchange zero-day flaw exploited in attacks
- 'TrustFall' Exposes Claude Code Execution Risk
- New Veeam vulnerability exposes backup servers to RCE attacks
- Microsoft patches Exchange Server zero-day exploited in attacks