"Critical XSS Vulnerability in Zimbra Exploited in the Wild"

Attackers are exploiting a critical cross-site scripting (XSS) vulnerability, tracked as CVE-2023-34192, in the open-source email collaboration suite Zimbra. The vulnerability could enable an authenticated remote threat actor to execute arbitrary code by sending a specially crafted script to the /h/autoSaveDraft function. It affects Zimbra Collaboration Suite (ZCS) version 8.8.15. The organization has provided administrators with instructions on how to apply the fix manually by editing a single data file. ZCS vulnerabilities, whether zero-day or otherwise, are often exploited by attackers because Zimbra is widely used by government agencies, universities, businesses, and others. This article continues to discuss the potential exploitation and impact of the XSS vulnerability in Zimbra.

Help Net Security reports "Critical XSS Vulnerability in Zimbra Exploited in the Wild"

Submitted by Anonymous on