Dossier
Zimbra
Coverage of Zimbra in the Nexus archive.
- Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions
Zimbra is urging customers to apply updates to address a critical security vulnerability in the Classic Web Client that could allow arbitrary code execution via stored cross-site scripting (XSS). The flaw could enable malicious scripts to run in user sessions through specially crafted emails and has not yet been assigned a CVE identifier.
- Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks
Over 10,000 Zimbra Collaboration Suite (ZCS) servers are exposed online and vulnerable to ongoing cross-site scripting (XSS) attacks. The security flaw allows attackers to exploit these servers through malicious scripts.