Zimbra patches zero-day vulnerability exploited in XSS attacks


Two weeks after the initial discovery, Zimbra has published security updates that fix a zero-day flaw that was used in attacks against Zimbra Collaboration Suite (ZCS) email servers. Threat actors can use XSS attacks to steal sensitive data or run malicious code on vulnerable systems, which poses a serious threat.

The vulnerability, now tracked as CVE-2023-38750, is a reflected Cross-Site Scripting (XSS) flaw found by Google Threat Analysis Group security researcher Clément Lecigne. Google TAG’s Maddie Stone confirmed that the vulnerability was identified while being used in a targeted attack. Zimbra, however, did not mention that the zero-day was being exploited in the wild when it first disclosed the issue and advised customers to fix it manually.
