7 matches found
Winter Vivern APT targets EU with Zimbra flaw
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Winter Vivern abuses CVE-2022-27926 to attack public Zimbra webmail portals of government entities. To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn...
Winter Vivern APT Targets European Government Entities with Zimbra Vulnerability
The advanced persistent threat APT actor known as Winter Vivern is now targeting officials in Europe and the U.S. as part of an ongoing cyber espionage campaign. "TA473 since at least February 2023 has continuously leveraged an unpatched Zimbra vulnerability in publicly facing webmail portals tha...
CVE-2022-27926
creationtimestamp| type| source ---|---|--- 2023-03-30 13:10:31+00:00| seen| MISP/f6514ab9-c7ca-4a21-a3c5-8cffbc6e32db 2023-06-14 21:10:04+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2024-02-29 13:50:13+00:00| seen| MISP/0f810383-867c-42c6-ba59-2c5e4cfacbce 2024-12-24 20:34:05+00:00|...
VulnCheck KEV: CVE-2022-27926
Synacor Zimbra Collaboration Suite ZCS contains a cross-site scripting vulnerability by allowing an endpoint URL to accept parameters without sanitizing...
CVE-2022-27926
Zimbra Collaboration (ZCS) 9.0 is affected by a reflected XSS in /public/launchNewWindow.jsp that allows unauthenticated attackers to execute arbitrary script or HTML via request parameters. The issue is confirmed across multiple sources (NVD/Nuclei/CISA KEV/CNVD) with the impact described as cli...
CVE-2022-27926
A reflected cross-site scripting XSS vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration aka ZCS 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters...
CVE-2022-27926
A reflected cross-site scripting XSS vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration aka ZCS 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters...