CuraSec

Plan active

Critical Stored XSS in Zimbra Classic Web Client Enables Code Execution

2026-07-11 11:49 UTC · The Hacker News · read the source ↗ #zimbra#stored-xss#email-security
  • Engineer — Plan: If you run Zimbra Classic Web Client, apply the vendor-issued update promptly — stored XSS via crafted email is a practical account-takeover vector, but no public PoC or active exploitation is confirmed yet.
  • SOC/IR — Skip
  • Leader — Skip
This entry was curated and judged by AI (Claude) with automated enrichment (CISA KEV / EPSS / public PoC). Verify against the original source before acting. Found a bad verdict? Report it — confirmed errors go to the corrections log.