Zimbra patched a flaw that let hackers hijack accounts just by sending an email

https://www.techspot.com/images2/news/ts3_thumbs/2026/07/2026-07-13-ts3_thumbs-317.jpg

Serving tech enthusiasts for over 25 years.
TechSpot means tech analysis and advice you can trust.

Facepalm: Popular collaboration platform Zimbra was recently updated to patch a potentially dangerous vulnerability in its Classic Web Client component. In theory, malicious actors could abuse the flaw to run script-based malware directly on users' machines. Needless to say, customers are advised to install the update as soon as possible.

Zimbra owner Synacor has released a new version of its collaboration software, and users should install the update as soon as they can. Zimbra "Daffodil" 10.1.19 includes a fix for a stored cross-site scripting (XSS) vulnerability that could be exploited to compromise customers' machines through Zimbra's Classic Web Client.

Cybercriminals could abuse the flaw by sending specially malformed email messages, Zimbra said. A vulnerable client would run the malicious code the moment the message is opened. While the company rates the deployment risk...

Copyright of this story solely belongs to techspot.com. To see the full text click HERE

Read more