{"id":288113,"date":"2026-07-10T17:08:00","date_gmt":"2026-07-10T21:08:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/10\/update-now-critical-zimbra-classic-web-client-flaw-could-expose-mailboxes\/"},"modified":"2026-07-10T17:45:10","modified_gmt":"2026-07-10T21:45:10","slug":"update-now-critical-zimbra-classic-web-client-flaw-could-expose-mailboxes","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/10\/update-now-critical-zimbra-classic-web-client-flaw-could-expose-mailboxes\/","title":{"rendered":"Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/195130\/hacking\/update-now-critical-zimbra-classic-web-client-flaw-could-expose-mailboxes.html\">Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/195130\/hacking\/update-now-critical-zimbra-classic-web-client-flaw-could-expose-mailboxes.html\">https:\/\/securityaffairs.com\/195130\/hacking\/update-now-critical-zimbra-classic-web-client-flaw-could-expose-mailboxes.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-10 17:08:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> July 10, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2021\/07\/zimbra.png?fit=525%2C253&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">Zimbra addressed a critical stored XSS vulnerability in its Classic Web Client that lets malicious emails execute code when opened.<\/h2>\n<p class=\"wp-block-paragraph\">Zimbra has released version 10.1.19 to fix a critical stored XSS vulnerability in its Classic Web Client, which is widely used to access Zimbra Collaboration. The flaw, which has not yet received a CVE ID, can be exploited by sending specially crafted emails that execute malicious code when opened in the Classic UI. \u00a0Successful exploitation could allow attackers to access to mailbox information, session data, or account settings.<\/p>\n<p class=\"wp-block-paragraph\">\u201cThe update fixes a security issue in the Classic Web Client where a specially crafted email could run malicious code when the email is opened. If exploited, it could allow access to mailbox information, session data, or account settings.\u201d reads the advisory<\/p>\n<p class=\"wp-block-paragraph\">\u201cWe strongly recommend all customers to upgrade to ZCS v10.1.19 to ensure they have received the latest security patches, bug fixes, and enhancements.\u201d<\/p>\n<p class=\"wp-block-paragraph\">Google\u2019s Threat Analysis Group discovered the vulnerability.<\/p>\n<p class=\"wp-block-paragraph\">Although there is no evidence of active exploitation yet, organizations using the Classic Web Client should update as soon as possible.<\/p>\n<p class=\"wp-block-paragraph\">Since the beginning of 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added [1, 2, 3] the following vulnerabilities to its\u00a0Known Exploited Vulnerabilities (KEV) catalog:<\/p>\n<ul class=\"wp-block-list\">\n<li>CVE-2025-68645\u00a0(CVSS score of 8.8) Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability<\/li>\n<li>CVE-2020-7796\u00a0(CVSS score of 9.8) Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability<\/li>\n<li>CVE-2025-66376\u00a0(CVSS score of 7.2) Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerability.<\/li>\n<\/ul>\n<p class=\"wp-block-paragraph\">In March, Russia-linked APT group, likely\u00a0APT28\u00a0\u00a0(aka&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/195130\/hacking\/update-now-critical-zimbra-classic-web-client-flaw-could-expose-mailboxes.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes https:\/\/securityaffairs.com\/195130\/hacking\/update-now-critical-zimbra-classic-web-client-flaw-could-expose-mailboxes.html Publish Date: 2026-07-10&#8230;<\/p>\n","protected":false},"author":1,"featured_media":288114,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2021\/07\/zimbra.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,27],"class_list":["post-288113","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/288113"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=288113"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/288113\/revisions"}],"predecessor-version":[{"id":288115,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/288113\/revisions\/288115"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/288114"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=288113"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=288113"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=288113"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}