Critical XSS vulnerability in Zimbra exploited in the wild (CVE-2023-34192)
A critical cross-site scripting (XSS) vulnerability in the popular open-source email collaboration suite Zimbra is being exploited by attackers.
Clément Lecigne of Google Threat Analysis Group discovered and reported this vulnerability.
Vulnerabilities in Zimbra Collaboration Suite (ZCS), zero-days or not, are often exploited by attackers, since Zimbra is widely used by a variety of organizations, including government agencies, universities and companies.
In late 2021, a Zimbra zero-day vulnerability was exploited by Chinese hackers to target European governments.
In August 2022, CISA published an advisory about several vulnerabilities in Zimbra Collaboration Suite, mostly critical and exploited in the wild.
Later that same year, a critical remote code execution vulnerability was found to be exploited in the wild by APT groups.
News URL
https://www.helpnetsecurity.com/2023/07/17/cve-2023-34192/
Related news
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers (source)
- Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)
- Weird Zimbra Vulnerability (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems (source)
- New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution (source)
- Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware (source)