Home / Jul 12, 2026 / Story
0
#4 The Hacker News general July 11, 2026 at 06:45 UTC

Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions

By [email protected] (The Hacker News)

AI Summary

Zimbra has issued an urgent patch for a critical stored XSS vulnerability in the Zimbra Collaboration Classic Web Client that allows specially crafted emails to execute arbitrary JavaScript in a victim's authenticated session. The flaw has not yet been assigned a CVE and affects organizations relying on the Classic Web Client interface for enterprise email.

Relevance score: 78.0/100

# More from July 12