Warning: CVE-2023-38750 Zimbra ZCS XSS Vulnerability
Zimbra Collaboration (ZCS)
Cross-Site Scripting (XSS) Vulnerability
An actively exploited zero-day vulnerability tracked as CVE-2023-38750 was found in Zimbra Collaboration (ZCS). Successful exploitation could impact the confidentiality and integrity of data.
On July 13th, 2023, Zimbra warned customers of an actively exploited vulnerability in Zimbra Collaboration (ZCS). Zimbra urged customers to apply mitigations to version 8.8.15. This vulnerability was discovered by Clément Lecigne of Google Threat Analysis Group (TAG).
On July 26th, 2023, Zimbra released an update to address CVE-2023-38750.
CVE-2023-37580 is a Cross-Site Scripting (XSS) Vulnerability that could lead to exposure of internal JSP and XML files.
The Centre for Cybersecurity Belgium recommends that system administrators patch vulnerable systems as soon as possible and analyse system and network logs for any suspicious activity.
Update the installation to the latest version available at: https://wiki.zimbra.com/wiki/Security_Center
- ZCS 10.0.2
- ZCS 9.0.0 Patch 34
- ZCS 8.8.15 Patch 41
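
To check servers against the fixed releases listed above, the following added example (not part of the original advisory and not Zimbra code) classifies a version string. It assumes the string looks like the output of `zmcontrol -v`; the sample lines and build numbers are constructed for illustration.

```python
import re

# Fixed releases from the advisory. For 8.8.15 and 9.0.0 the value is the
# minimum patch number; for the 10.0 branch it is the third version component.
FIXED = {"8.8.15": 41, "9.0.0": 34, "10.0": 2}

# Assumed format: "Release X.Y.Z<sep>GA... <platform> <edition>, Patch X.Y.Z_PNN."
RELEASE_RE = re.compile(r"Release (\d+)\.(\d+)\.(\d+)")
PATCH_RE = re.compile(r"Patch \d+\.\d+\.\d+_P(\d+)")


def assess(version_line):
    """Return 'patched', 'needs_update' or 'unknown' for one version string."""
    m = RELEASE_RE.search(version_line)
    if not m:
        return "unknown"
    major, minor, micro = map(int, m.groups())
    if (major, minor) == (10, 0):
        return "patched" if micro >= FIXED["10.0"] else "needs_update"
    branch = f"{major}.{minor}.{micro}"
    if branch not in FIXED:
        return "unknown"  # branch not in the advisory's list: review manually
    p = PATCH_RE.search(version_line)
    level = int(p.group(1)) if p else 0  # no patch suffix means base GA build
    return "patched" if level >= FIXED[branch] else "needs_update"


# Constructed sample lines (build numbers are placeholders).
SAMPLES = [
    "Release 8.8.15.GA.0000.UBUNTU20.64 UBUNTU20_64 FOSS edition, Patch 8.8.15_P40.",
    "Release 9.0.0.GA.0000.UBUNTU20.64 UBUNTU20_64 FOSS edition, Patch 9.0.0_P34.",
    "Release 10.0.1.GA.0000.UBUNTU20.64 UBUNTU20_64 NETWORK edition.",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{assess(line):13s} {line}")
```

A result of `unknown` means the branch is not one of the three listed in this advisory and the installation should be reviewed by hand.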