Skip to main content

Tag: cross site scripting

7 articles

Laptop screen shows brightly-lit email inbox with subtle hint of security threat.

Zimbra Warns of Stored XSS Flaw in Classic Web Client

Zimbra is urging customers to update their Classic Web Client immediately due to a critical vulnerability that could allow hackers to access sensitive mailbox information and execute malicious code via specially crafted emails. Installing the update, specifically upgrading to Zimbra Collaboration Suite version 10.1.19, will help protect against this threat.

Analyst 207
Office setting with laptop showing blurred email inbox on screen.

Microsoft Fixes Zero-Day Flaw in Exchange Server Exploited in Attacks

Microsoft has patched a high-severity flaw in Exchange Server, known as CVE-2026-42897, which allowed hackers to execute malicious JavaScript in victims' browsers simply by sending a specially crafted email. This zero-day vulnerability was actively exploited in attacks, putting Outlook Web Access users at risk.

Analyst 207
Conference organizer working on laptop in quiet office with city view.

Security Researcher Exploits Flaw in Pretalx Conference Tool

A security researcher recently uncovered a vulnerability in pretalx, a popular conference tool, that could let hackers inject malicious code into an organizer's interface, putting sensitive data at risk. This flaw, known as a stored cross-site scripting vulnerability, could be triggered through simple search queries.

Analyst 207
Server room with a prominent Microsoft Exchange Server setup under ordinary lighting.

Microsoft Exchange Servers Targeted in Active Exploitation

Microsoft has sounded the alarm on a critical vulnerability in on-premise Exchange Servers, known as CVE-2026-42897, that's currently being exploited by hackers - and the company is urging affected users to act fast. A temporary fix is in place, with a permanent patch on the way.

Analyst 207
Rack-mounted servers and network equipment in a dimly lit server room.

Microsoft Warns of Severe Zero-Day Flaw in On-Prem Exchange Servers

Microsoft just sounded the alarm on a severe zero-day flaw in on-prem Exchange servers, warning that a high-severity vulnerability could let attackers send malicious code to victims via specially crafted emails. This flaw, tracked as CVE-2026-42897, has already been automatically mitigated if the EM Service is enabled, which it is by default.

Analyst 207
Rack of servers with a prominent Exchange Server device and nearby laptop in a brightly-lit data center.

Microsoft Exchange Servers Targeted by Active CVE-2026-42897 Exploit

Microsoft warns of a high-severity vulnerability, CVE-2026-42897, in its Exchange Servers, allowing attackers to spoof network communications via a cleverly crafted email. This cross-site scripting flaw has been actively exploited, earning a concerning CVSS score of 8.1.

Analyst 207
Laptop screen shows an open email message in a brightly-lit office setting.

Zimbra Servers Targeted in Ongoing XSS Attacks

Beware of sneaky phishing emails that can hijack your Zimbra server with just a glance - no clicks or downloads required. A single malicious email can trigger a cross-site scripting attack, thanks to a recently patched vulnerability, CVE-2025-48700.

Analyst 207