Zimbra is warning customers to update the Classic Web Client after discovering a critical stored XSS flaw that could let specially crafted emails execute malicious code in a userβs session. The issue can expose mailbox information, session data, and account settings, and users are advised to upgrade to Zimbra Collaboration Suite version 10.1.19. #Zimbra #ClassicWebClient #ZimbraCollaborationSuite
Keypoints
- Zimbra fixed a critical vulnerability in the Classic Web Client.
- The flaw is a stored XSS issue triggered by specially crafted emails.
- Exploitation could allow arbitrary code execution in a user session.
- Attackers could access mailbox information, session data, and account settings.
- Users are advised to update to Zimbra Collaboration Suite version 10.1.19.
Read More: https://thehackernews.com/2026/07/critical-zimbra-flaw-could-let-crafted_0483473395.html