Cross Site Scripting Vulnerability in Zimbra ZCS by Zimbra
CVE-2023-34192
Key Information:
- Vendor
- Zimbra
- Status
- Collaboration
- Vendor
- CVE Published:
- 6 July 2023
Badges
Summary
A Cross Site Scripting (XSS) vulnerability in Zimbra ZCS version 8.8.15 allows remote authenticated attackers to execute arbitrary code. This can be achieved by injecting a crafted script that targets the /h/autoSaveDraft function, potentially compromising sensitive user data and leading to unauthorized access.
CISA Reported
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Get notified when SecurityVulnerability.io launches alerting π
Well keep you posted π§
News Articles
The Hacker NewsCISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation
CISA adds Microsoft Partner Center and Zimbra ZCS flaws to its KEV catalog, citing active exploitation. Federal agencies must patch by March 18 to mit
2 weeks ago
Help Net SecurityCritical XSS vulnerability in Zimbra exploited in the wild (CVE-2023-34192) - Help Net Security
A critical XSS vulnerability (CVE-2023-34192) in popular open source email collaboration suite Zimbra is being exploited by attackers.
References
EPSS Score
90% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- π¦
CISA Reported
- πΎ
Exploit known to exist
- π°
First article discovered by Help Net Security
Vulnerability published
Vulnerability Reserved