importantSYS.SOURCE: The Hacker News• 2026-07-11T12:15:55+05:30
Critical Stored XSS Vulnerability in Zimbra Classic Web Client Allows Session Hijacking
#XSS#Email Security#Zimbra#Session Hijacking#Cybersecurity
A critical stored cross-site scripting (XSS) vulnerability in Zimbra's Classic Web Client allows attackers to execute malicious code via crafted emails, risking session hijacking and data exposure. Zimbra urges users to update to version 10.1.19 to mitigate the threat.
Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution.
The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially crafted emails to execute malicious scripts in a user's session. It has yet to be assigned a CVE identifier.
"The
*** END OF TRANSMISSION ***