Google researchers have identified a cross-site scripting (XSS) vulnerability in the Zimbra Collaboration Suite that is being exploited in targeted attacks.
Clement Lecigne of Google’s Threat Analysis Group observed an attacker using the vulnerability in a targeted attack and reported the bug to Zimbra, which plans to release a patch later in July. No patch is available yet, and the company said that organizations running the affected version, 8.8.15, can apply a manual fix if they don’t want to wait until the patch is released.
“This vulnerability has been actively exploited, making it imperative to take immediate action. We strongly recommend following the provided mitigation steps without delay,” the Zimbra advisory says.
“The issue has been fixed through input sanitization. We have also performed rigorous testing to ensure the effectiveness and stability of the system. The fix is planned to be delivered in the July patch release.”
The vulnerability (CVE-2023-34192) only affects version 8.8.15 of the Zimbra Collaboration Suite, which is used widely in enterprises and other organizations for email and collaboration.
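Zimbra’s published manual fix for the exploited 8.8.15 bug is a one-line edit to the mobile client JSP at /opt/zimbra/jetty/webapps/zimbra/m/momoveto, replacing the unescaped `${param.st}` in a hidden input with `${fn:escapeXml(param.st)}`, so the reflected parameter is HTML-encoded on output rather than written into the page verbatim. The script below is an added example, not code from the article or from Zimbra: it reports whether a given copy of that file still carries the unescaped pattern, the fixed pattern, or neither. The file path and the two pattern strings are taken from Zimbra’s manual-fix instructions; everything else (function name, exit codes) is this example’s own choice.

```shell
#!/bin/sh
# Added example (not Zimbra's code): check whether a Zimbra 8.8.15 momoveto JSP
# still reflects the "st" request parameter without escaping.
#
# Default path is the file named in Zimbra's manual-fix instructions; override
# with MOMOVETO_PATH or pass a path as the first argument.
MOMOVETO_PATH="${MOMOVETO_PATH:-/opt/zimbra/jetty/webapps/zimbra/m/momoveto}"

# Literal before/after fragments from the manual-fix instructions. Single quotes
# keep the shell from expanding ${...}; grep -F matches them literally.
VULN_PATTERN='value="${param.st}"'
FIXED_PATTERN='value="${fn:escapeXml(param.st)}"'

# momoveto_status FILE
# Prints one word and returns a matching exit code:
#   fixed      (0)  fn:escapeXml() wraps the parameter
#   vulnerable (1)  parameter is written into the page unescaped
#   missing    (2)  file does not exist
#   unknown    (3)  neither pattern found (different build or already rewritten)
momoveto_status() {
    f="$1"
    if [ ! -f "$f" ]; then
        echo missing
        return 2
    fi
    # Check the fixed form first: the vulnerable substring is not contained in
    # it, but ordering this way keeps the intent obvious.
    if grep -qF "$FIXED_PATTERN" "$f"; then
        echo fixed
        return 0
    fi
    if grep -qF "$VULN_PATTERN" "$f"; then
        echo vulnerable
        return 1
    fi
    echo unknown
    return 3
}

# When run directly with a path argument, report on that file and exit with
# the status code above (handy in a fleet-wide SSH loop or a CI check).
if [ "$#" -gt 0 ]; then
    momoveto_status "$1"
    exit $?
fi
```

Run it on each mailbox node as the zimbra user, for example `sh check_momoveto.sh /opt/zimbra/jetty/webapps/zimbra/m/momoveto`; a `vulnerable` result means the manual fix has not been applied, and `unknown` means the file differs from the 8.8.15 build the advisory describes and should be inspected by hand rather than assumed safe.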