Plan
active
Critical Stored XSS in Zimbra Classic Web Client Enables Code Execution
- Engineer — Plan: If you run Zimbra Classic Web Client, apply the vendor-issued update promptly — stored XSS via crafted email is a practical account-takeover vector, but no public PoC or active exploitation is confirmed yet.
- SOC/IR — Skip
- Leader — Skip
This entry was curated and judged by AI (Claude) with automated enrichment
(CISA KEV / EPSS / public PoC). Verify against the original source before
acting. Found a bad verdict?
Report it —
confirmed errors go to the corrections log.