Skip to the content.

XSS Zeroday in Zimbra

07 Feb 2022 - Boaz Braaksma

On the third of February 2022 the first publication of a Zero-day XSS Vulnerability in Zimbra was published on the internet. The DIVD opened case DIVD-2022-00008 to address this vulnerability in Zimbra that results in the threat actor being able to run arbitrary JavaScript in the context of the user’s Zimbra session.

In the coming days the DIVD will be scanning worldwide to identify vulnerable versions of Zimbra and send notifications to our information sharing partners and individual network administrators


Last modified: 20 Jun 2022 07:35