Tag: cross site scripting
7 articles

Zimbra Warns of Stored XSS Flaw in Classic Web Client
Zimbra is urging customers to update their Classic Web Client immediately due to a critical vulnerability that could allow hackers to access sensitive mailbox information and execute malicious code via specially crafted emails. Installing the update, specifically upgrading to Zimbra Collaboration Suite version 10.1.19, will help protect against this threat.

Microsoft Fixes Zero-Day Flaw in Exchange Server Exploited in Attacks
Microsoft has patched a high-severity flaw in Exchange Server, known as CVE-2026-42897, which allowed hackers to execute malicious JavaScript in victims' browsers simply by sending a specially crafted email. This zero-day vulnerability was actively exploited in attacks, putting Outlook Web Access users at risk.

Security Researcher Exploits Flaw in Pretalx Conference Tool
A security researcher recently uncovered a vulnerability in pretalx, a popular conference tool, that could let hackers inject malicious code into an organizer's interface, putting sensitive data at risk. This flaw, known as a stored cross-site scripting vulnerability, could be triggered through simple search queries.

Microsoft Exchange Servers Targeted in Active Exploitation
Microsoft has sounded the alarm on a critical vulnerability in on-premise Exchange Servers, known as CVE-2026-42897, that's currently being exploited by hackers - and the company is urging affected users to act fast. A temporary fix is in place, with a permanent patch on the way.

Microsoft Warns of Severe Zero-Day Flaw in On-Prem Exchange Servers
Microsoft just sounded the alarm on a severe zero-day flaw in on-prem Exchange servers, warning that a high-severity vulnerability could let attackers send malicious code to victims via specially crafted emails. This flaw, tracked as CVE-2026-42897, has already been automatically mitigated if the EM Service is enabled, which it is by default.

Microsoft Exchange Servers Targeted by Active CVE-2026-42897 Exploit
Microsoft warns of a high-severity vulnerability, CVE-2026-42897, in its Exchange Servers, allowing attackers to spoof network communications via a cleverly crafted email. This cross-site scripting flaw has been actively exploited, earning a concerning CVSS score of 8.1.

Zimbra Servers Targeted in Ongoing XSS Attacks
Beware of sneaky phishing emails that can hijack your Zimbra server with just a glance - no clicks or downloads required. A single malicious email can trigger a cross-site scripting attack, thanks to a recently patched vulnerability, CVE-2025-48700.