all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Critical XSS vulnerability in Zimbra exploited in the wild (CVE-2023-34192)

Add to bookmarks
July 17, 2023, 11:39 a.m. | Helga Labus

Help Net Security www.helpnetsecurity.com

A critical cross site scripting (XSS) vulnerability (CVE-2023-34192) in popular open source email collaboration suite Zimbra is being exploited by attackers. About the vulnerability (CVE-2023-34192) CVE-2023-34192 could allow a remote authenticated threat actor to execute arbitrary code through a crafted script to the /h/autoSaveDraft function. It affects Zimbra Collaboration Suite (ZCS) v.8.8.15. The company has provided admins with instruction on how to apply the fix manually, by editing a single data file. “This vulnerability has … More


The post …

0 day actor attackers code collaboration critical cross site scripting cve don't miss email exploited function hot stuff open source popular script scripting security update synacor threat threat actor vulnerability xss zimbra zimbra collaboration suite

Visit resource

More from www.helpnetsecurity.com / Help Net Security

Adaptive Shield unveils SaaS security for AI 3 hours ago | www.helpnetsecurity.com
adaptive shield and response applications apps +28
Onyxia launches AI-powered predictive insights to optimize security management 4 hours ago | www.helpnetsecurity.com
address ai-powered can challenges +24
Island raises $175 million at $3 billion valuation 4 hours ago | www.helpnetsecurity.com
capital coatue financing funding +10
Synopsys Polaris Assist automates repetitive, time-consuming tasks for security and development teams 4 hours ago | www.helpnetsecurity.com
ai-powered application application security assistant +30
FCC fines major wireless carriers over illegal location data sharing 4 hours ago | www.helpnetsecurity.com
access att carriers communications +26
Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades 5 hours ago | www.helpnetsecurity.com
alto attackers aware concept +24
Cybersixgill Third-Party Intelligence module identifies potential supply chain risks 5 hours ago | www.helpnetsecurity.com
action cyber cybersecurity cybersixgill +25
ESET launches two MDR subscription tiers for SMBs and enterprises 8 hours ago | www.helpnetsecurity.com
and response businesses detection detection and response +15
ThreatX provides always-active API security from development to runtime 8 hours ago | www.helpnetsecurity.com
api api security application application protection +19

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Threat Analysis Engineer

@ Gen | IND - Tamil Nadu, Chennai
View on infosec-jobs.com

Head of Security

@ Hippocratic AI | Palo Alto
View on infosec-jobs.com

IT Security Vulnerability Management Specialist (15.10)

@ OCT Consulting, LLC | Washington, District of Columbia, United States
View on infosec-jobs.com

Security Engineer - Netskope/Proofpoint

@ Sainsbury's | Coventry, West Midlands, United Kingdom
View on infosec-jobs.com

Journeyman Cybersecurity Analyst

@ ISYS Technologies | Kirtland AFB, NM, United States
View on infosec-jobs.com
View more jobs