Security News > 2023 > July > Critical XSS vulnerability in Zimbra exploited in the wild (CVE-2023-34192)
A critical cross site scripting vulnerability in popular open source email collaboration suite Zimbra is being exploited by attackers.
Clément Lecigne of Google Threat Analysis Group discovered and reported this vulnerability.
Vulnerabilities - zero-days or not - in ZCS are often exploited by attackers, since Zimbra is widely used by a variety of organizations, including government agencies, universities, companies, etc.
In late 2021, a Zimbra zero-day vulnerability was exploited by Chinese hackers to target European governments.
In August 2022, CISA published an advisory about several vulnerabilities in Zimbra Collaboration Suite, mostly critical and exploited in the wild.
Later that same year, a critical remote code execution vulnerability was found being exploited in the wild by APT groups.
News URL
https://www.helpnetsecurity.com/2023/07/17/cve-2023-34192/
Related news
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- GitLab warns of critical pipeline execution vulnerability (source)
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
- Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks (source)
- CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns (source)
- PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) (source)
- Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers (source)
- Researchers Warn of Ongoing Attacks Exploiting Critical Zimbra Postjournal Flaw (source)
- Critical Zimbra RCE flaw exploited to backdoor servers using emails (source)