Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups
16-Nov-23
Four distinct parties conducted real-world attacks using a zero-day vulnerability in the Zimbra Collaboration email program to steal authentication tokens, user passwords, and email content. The majority of this activity happened after the first update was made available on GitHub, according to a report shared with The Hacker News by Google Threat Analysis Group (TAG).
This vulnerability affects versions prior to 8.8.15 Patch 41 and is tracked as CVE-2023-37580 (CVSS score: 6.1). It is a reflected cross-site scripting (XSS) vulnerability. On July 25, 2023, Zimbra published fixes that addressed it. By luring victims into clicking on a specially crafted URL, a successful exploit of this vulnerability might allow malicious scripts to be executed on their web browsers, essentially starting the XSS request to Zimbra and reflecting
