Zimbra has released version 10.1.19 to fix a critical stored XSS vulnerability in its Classic Web Client, which is widely used to access Zimbra Collaboration. The flaw, which has not yet received a CVE ID, can be exploited by sending specially crafted emails that execute malicious code when opened in the Classic UI. Successful exploitation could allow attackers to access to mailbox information, se...
