A critical cross site scripting (XSS) vulnerability (CVE-2023-34192) in popular open source email collaboration suite Zimbra is being exploited by attackers. About the vulnerability (CVE-2023-34192) CVE-2023-34192 could allow a remote authenticated threat actor to execute arbitrary code through a crafted script to the /h/autoSaveDraft function. It affects Zimbra Collaboration Suite (ZCS) v.8.8.15. The company has provided admins with instruction on how to apply the fix manually, by editing a single data file. “This vulnerability has … More
The post Critical XSS vulnerability in Zimbra exploited in the wild (CVE-2023-34192) appeared first on Help Net Security.