Critical XSS vulnerability in Zimbra exploited in the wild (CVE-2023-34192)

2023-07-17 11:39

A critical cross site scripting vulnerability in popular open source email collaboration suite Zimbra is being exploited by attackers.

Clément Lecigne of Google Threat Analysis Group discovered and reported this vulnerability.

Vulnerabilities - zero-days or not - in ZCS are often exploited by attackers, since Zimbra is widely used by a variety of organizations, including government agencies, universities, companies, etc.

In late 2021, a Zimbra zero-day vulnerability was exploited by Chinese hackers to target European governments.

In August 2022, CISA published an advisory about several vulnerabilities in Zimbra Collaboration Suite, mostly critical and exploited in the wild.

Later that same year, a critical remote code execution vulnerability was found being exploited in the wild by APT groups.

News URL

https://www.helpnetsecurity.com/2023/07/17/cve-2023-34192/

#critical #vulnerability #XSS #zimbra #CVE-2023-34192

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Zimbra		7	0	40	15	8	63

News URL

Related news

Related vendor