2 matches found
New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email
Cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra email collaboration software that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud...
CVE-2021-35208
CVE-2021-35208 affects Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23 (and 9.x before 9.0.0 Patch 16). The vulnerable component is ZmMailMsgView.js in the Calendar Invite feature, where HTML containing executable JavaScript placed in element attributes can be injected and rendered as arb...