Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions

Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions
Zimbra is warning customers to update the Classic Web Client after discovering a critical stored XSS flaw that could let specially crafted emails execute malicious code in a user’s session. The issue can expose mailbox information, session data, and account settings, and users are advised to upgrade to Zimbra Collaboration Suite version 10.1.19. #Zimbra #ClassicWebClient #ZimbraCollaborationSuite

Keypoints

  • Zimbra fixed a critical vulnerability in the Classic Web Client.
  • The flaw is a stored XSS issue triggered by specially crafted emails.
  • Exploitation could allow arbitrary code execution in a user session.
  • Attackers could access mailbox information, session data, and account settings.
  • Users are advised to update to Zimbra Collaboration Suite version 10.1.19.

Read More: https://thehackernews.com/2026/07/critical-zimbra-flaw-could-let-crafted_0483473395.html