[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fhWT41peIwfh71QDY3rFxQ6C7PZHyCNSzzFvcaRVR634":3},{"article":4,"iocs":36},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":23,"category":24,"article_tags":28},"efe3d342-6330-41d9-a1cb-00d24af7c227","Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions","critical-zimbra-flaw-could-let-crafted-emails-run-malicious-code-in-user-session-276434","Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution. The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially crafted emails to execute malicious scripts in a user's session. It has yet to be assigned a CVE identifier. \"The","Zimbra is urging customers to update their Classic Web Client due to a critical stored cross-site scripting (XSS) vulnerability. This flaw allows specially crafted emails to execute malicious scripts within a user's session, potentially leading to access of mailbox information, session data, or account settings. While no exploitation in the wild has been confirmed, Zimbra has a history of XSS vulnerabilities being targeted.","Zimbra Classic Web Client has a critical stored XSS flaw allowing code execution via crafted emails.","Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions Ravie LakshmananJul 11, 2026Vulnerability \u002F Email Security Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution. The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially crafted emails to execute malicious scripts in a user's session. It has yet to be assigned a CVE identifier. \"The update fixes a security issue in the Classic Web Client where a specially crafted email could run malicious code when the email is opened,\" Zimbra said. \"If exploited, it could allow access to mailbox information, session data, or account settings.\" XSS vulnerabilities occur when an application includes untrusted data in a web page without proper validation or escaping. This allows attackers to inject and execute malicious JavaScript in victims' browsers, which can result in session hijacking, credential theft, and account compromise. Stored XSS, or persistent XSS, is a type of XSS flaw where the injected script is permanently stored on the target servers in a database in the form of a seemingly harmless comment or a forum post, causing any site visitor to be compromised as soon as the page containing the JavaScript is loaded on their web browser. Although Zimbra makes no mention of the vulnerability being exploited in the wild, XSS flaws in Zimbra have been an attack magnet for years, with bad actors attempting to weaponize such vulnerabilities as far back as December 2021. Last October, a stored XSS flaw in the Classic Web Client (CVE-2025-27915, CVSS Score: 5.4) was alleged to have been exploited as a zero-day in attacks targeting the Brazilian military, although Zimbra told The Hacker News at the time that it found no evidence to back it up. Other XSS flaws that have been exploited by threat actors include CVE-2023-37580 and CVE-2024-27443. Given its high potential for abuse, users are recommended to update to Zimbra Collaboration Suite version 10.1.19 for optimal protection. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  Application Security, browser security, Code Execution, Cross-site Scripting, email security, enterprise security, Vulnerability, Web Security ⚡ Top Stories This Week 16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service 15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It Meta's New AI Image Tool Lets Others Use Your Public Instagram Photos in AI Images ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs Attackers Exploit 'Ill Bloom' Vulnerability to Drain Over $5 Million From Cryptocurrency Wallets Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP\u002F3 Servers Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices New \"Bad Epoll\" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices European Parliament Member Investigating Spyware Was Hacked With Pegasus ⭐ Featured Resources What 200+ Security Teams Reveal About Using IP Intelligence in 2026 Get Hands-On SANS Training for Today’s Cyber Defense and Offensive Security Challenges See What’s Really Exposed Across Your IT, OT, IoT, Cloud, and Mobile Assets Get Gartner’s Guide to AI Agent Supervision and Runtime Controls","https:\u002F\u002Fthehackernews.com\u002F2026\u002F07\u002Fcritical-zimbra-flaw-could-let-crafted_0483473395.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEirVz95zYTg61VRro9unfJCWWwwUrv3pQdtyNT7rPL8iCg6n0S6bky4dqPiluQHfSvQMIO9cyYgrz-07ZCx8yG_qND_J9XJ_0BoUON9p3zj0etafNvjg45txAeu4uCDEMxGDNv2tIxNuqrC0OsKG_sWZp5QIlEkbqZ_g_EEcAdXUQbuo_EgsXwT3mERTTk\u002Fs1600\u002Fzimbra-email-hack.jpg","2026-07-11T06:45:55+00:00","2026-07-11T08:00:07.404438+00:00",8,[18,21],{"name":19,"type":20},"Zimbra Collaboration Suite","product",{"name":22,"type":20},"Classic Web Client","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":23,"icon":25,"name":26,"slug":27},null,"Vulnerabilities","vulnerabilities",[29,31],{"category":30},{"id":23,"icon":25,"name":26,"slug":27},{"category":32},{"id":33,"icon":25,"name":34,"slug":35},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[37,41,44],{"type":38,"value":39,"context":40},"cve","CVE-2025-27915","Previous stored XSS flaw in Zimbra Classic Web Client",{"type":38,"value":42,"context":43},"CVE-2023-37580","Previously exploited XSS flaw in Zimbra",{"type":38,"value":45,"context":43},"CVE-2024-27443"]