CVE-2021-35208

Due /hashtag/vulnerabilità?src=hashtag_click ((CVE-2021-35208 e CVE-2021-35209) lasciano i server #webmail /Zimbra aperti agli attacchi.

"Two critical vulnerabilities, CVE-2021-35208 and CVE-2021-35209, in the Zimbra enterprise webmail solution could allow an attacker to compromise and obtain persistent access to business email accounts." https://t.co/IniUtssMnC?amp=1

NEW: CVE-2021-35208 An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable Ja... (click for more) Severity: MEDIUM https://t.co/mgZH4K2Lfa?amp=1

If you're using Zimbra for webmail services, remember to patch your version to avoid risk of compromise. Researchers found 2 vulns: XSS - CVE-2021-35208 and SSF - CVE-2021-35209 #zimbra #bug #infosec

Zimbra epasta programmatūrā izlabotas būtiskas ievainojamības. Webmail interfeisā atklātais XSS (CVE-2021-35208) ļāva lejupielādēt lietotāja epastus, savukārt SSRF (CVE-2021-35209), deva iespēju pilnībā pārņemt kontroli pār serveri: https://t.co/umatLRW0bm?amp=1 /hashtag/ITDrošība?src=hashtag_click /hashtag/DatuDrošība?src=hashtag_click

Mail sunucusunda yeni iki zafiyet tespit edilmiş, mecbur sunucuyu güncelledim. CVE-2021-35208 CVE-2021-35209

ALERTA PARA SERVIDOR DE CORREOS ZIMBRA CVE-2021-35208 y CVE-2021-35209 Se identifican 2 #vulnerabilidades en Zimbra que pueden comprometer al servidor. Acá te compartimos más información! #ciberseguridad #zimbra

Zimbra #vulnerabilities can enable unauthorized access to its 8.8.15 #webmail servers. Details: https://t.co/p1s2b1CtRi?amp=1 #Zimbra #XSS #SSRF #Threatfeeds #SecureBlink #CVE-2021-35208 #CVE-2021-35209

CVE-2021-35208 An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup .… https://t.co/fXWA76Lwhc?amp=1

CVE-2021-35208 An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup .… https://t.co/fXWA76Lwhc?amp=1