Security News > 2023 > July > Critical XSS vulnerability in Zimbra exploited in the wild (CVE-2023-34192)
A critical cross site scripting vulnerability in popular open source email collaboration suite Zimbra is being exploited by attackers.
Clément Lecigne of Google Threat Analysis Group discovered and reported this vulnerability.
Vulnerabilities - zero-days or not - in ZCS are often exploited by attackers, since Zimbra is widely used by a variety of organizations, including government agencies, universities, companies, etc.
In late 2021, a Zimbra zero-day vulnerability was exploited by Chinese hackers to target European governments.
In August 2022, CISA published an advisory about several vulnerabilities in Zimbra Collaboration Suite, mostly critical and exploited in the wild.
Later that same year, a critical remote code execution vulnerability was found being exploited in the wild by APT groups.
News URL
https://www.helpnetsecurity.com/2023/07/17/cve-2023-34192/
Related news
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities (source)