Zimbra Flaw Exploited by Russia Against NATO Countries Added to CISA ‘Must Patch’ List


A Zimbra vulnerability used by Russian hackers in attacks against NATO nations has been added to the “Must Fix” list by the US Cybersecurity and Infrastructure Security Agency (CISA). Tracked as CVE-2022-27926 (CVSS score of 6.1), the issue is a reflected cross-site scripting (XSS) bug in Zimbra Collaboration version 9.0.

Due to this flaw, an endpoint URL may accept parameters without sanitization, allowing an unauthorised attacker to craft request parameters that trigger the execution of arbitrary HTML or web scripts.
