Security News > 2023 > July > Critical XSS vulnerability in Zimbra exploited in the wild (CVE-2023-34192)

Critical XSS vulnerability in Zimbra exploited in the wild (CVE-2023-34192)
2023-07-17 11:39

A critical cross site scripting vulnerability in popular open source email collaboration suite Zimbra is being exploited by attackers.

Clément Lecigne of Google Threat Analysis Group discovered and reported this vulnerability.

Vulnerabilities - zero-days or not - in ZCS are often exploited by attackers, since Zimbra is widely used by a variety of organizations, including government agencies, universities, companies, etc.

In late 2021, a Zimbra zero-day vulnerability was exploited by Chinese hackers to target European governments.

In August 2022, CISA published an advisory about several vulnerabilities in Zimbra Collaboration Suite, mostly critical and exploited in the wild.

Later that same year, a critical remote code execution vulnerability was found being exploited in the wild by APT groups.


News URL

https://www.helpnetsecurity.com/2023/07/17/cve-2023-34192/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zimbra 7 0 39 16 8 63