Critical Zimbra XSS Flaw Targets Classic Web Client
🛡️ Zimbra has released an urgent update to fix a critical stored cross-site scripting (XSS) vulnerability in its Classic Web Client that could permit arbitrary code execution via specially crafted emails. The vendor says the flaw could expose mailbox data, session information, or account settings if exploited, though no CVE has yet been assigned. Zimbra recommends updating to Zimbra Collaboration Suite version 10.1.19 to mitigate the risk.
