Critical Zimbra Web Client Flaw Allows Malicious Emails to Execute Code

Zimbra has released security updates to address a critical stored cross-site scripting (XSS) vulnerability in its Classic Web Client that could allow specially crafted emails to execute malicious code when opened. Successful exploitation could expose mailbox contents, session data, and account settings by executing attacker-controlled JavaScript within a user’s authenticated session. Although there is currently no evidence of active exploitation, Zimbra has previously been a frequent target of XSS-based attacks, making timely patching especially important. Organizations are advised to upgrade to Zimbra Collaboration Suite version 10.1.19 to mitigate the risk and protect against potential account compromise.

Reference: thehackernews.com