< BACK TO NEWS
importantSYS.SOURCE: The Hacker News2026-07-11T12:15:55+05:30

Critical Stored XSS Vulnerability in Zimbra Classic Web Client Allows Session Hijacking

#XSS#Email Security#Zimbra#Session Hijacking#Cybersecurity

A critical stored cross-site scripting (XSS) vulnerability in Zimbra's Classic Web Client allows attackers to execute malicious code via crafted emails, risking session hijacking and data exposure. Zimbra urges users to update to version 10.1.19 to mitigate the threat.

Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution.

The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially crafted emails to execute malicious scripts in a user's session. It has yet to be assigned a CVE identifier.

"The

Read original article

*** END OF TRANSMISSION ***

> U.S. STRUGGLES TO ACHIEVE DOMESTIC PRODUCTION OF MEDICAL GLOVES DESPITE $1 BILLION INVESTMENT> CRITICAL STORED XSS VULNERABILITY IN ZIMBRA CLASSIC WEB CLIENT ALLOWS SESSION HIJACKING> SECURE AUTHENTICATION TOKEN STORAGE STRATEGIES TO PREVENT XSS EXPLOITS> SOVIET-ERA CONTROL ROOMS: A NOSTALGIC LOOK AT ANALOG TECHNOLOGY> CISA ADMITS DEVELOPING INCIDENT RESPONSE PLAYBOOK MID-EVENT DURING SECURITY BREACH> PHIA FACES ALLEGATIONS OF COOKIE STUFFING IN AFFILIATE MARKETING PRACTICES> META DISCONTINUES AI PHOTO-EDITING FEATURE ON INSTAGRAM AMID USER BACKLASH> RELATIVISTIC EFFECTS ALTER TRIPLE BOND STRUCTURES IN HEAVY ELEMENTS: BROWN UNIVERSITY STUDY> TONI SCHNEIDER APPOINTED PERMANENT CEO OF BLUESKY> APPLE FILES LAWSUIT AGAINST OPENAI FOR ALLEGED MISAPPROPRIATION OF TRADE SECRETS> U.S. STRUGGLES TO ACHIEVE DOMESTIC PRODUCTION OF MEDICAL GLOVES DESPITE $1 BILLION INVESTMENT> CRITICAL STORED XSS VULNERABILITY IN ZIMBRA CLASSIC WEB CLIENT ALLOWS SESSION HIJACKING> SECURE AUTHENTICATION TOKEN STORAGE STRATEGIES TO PREVENT XSS EXPLOITS> SOVIET-ERA CONTROL ROOMS: A NOSTALGIC LOOK AT ANALOG TECHNOLOGY> CISA ADMITS DEVELOPING INCIDENT RESPONSE PLAYBOOK MID-EVENT DURING SECURITY BREACH> PHIA FACES ALLEGATIONS OF COOKIE STUFFING IN AFFILIATE MARKETING PRACTICES> META DISCONTINUES AI PHOTO-EDITING FEATURE ON INSTAGRAM AMID USER BACKLASH> RELATIVISTIC EFFECTS ALTER TRIPLE BOND STRUCTURES IN HEAVY ELEMENTS: BROWN UNIVERSITY STUDY> TONI SCHNEIDER APPOINTED PERMANENT CEO OF BLUESKY> APPLE FILES LAWSUIT AGAINST OPENAI FOR ALLEGED MISAPPROPRIATION OF TRADE SECRETS