September 29, 2023

Researchers have warned the teams running the Zimbra Collaboration Suite version 8.8.15 to apply a manual fix against a recently discovered zero-day vulnerability (CVE-2023-34192) that’s being actively exploited in the wild.

The Zimbra cloud suite offers email, calendar functions, and other enterprise collaboration tools. The vulnerability compromises the security of data on Zimbra servers, the company said in its security advisory.

The reflected cross-site scripting (XSS) vulnerability was discovered by Google Threat Analysis Group (TAG) researcher Clement, and a July 13 tweet said the zero-day is being targeted in the wild.

Although Zimbra has a fix, it won’t roll out automatically until its scheduled July update, which is why the company is asking customers to manually apply a fix to all mailbox nodes.

The company urges its users to take the following steps:

  1. Take a backup of the file /opt/zimbra/jetty/webapps/zimbra/m/momoveto
  2. Edit this file and go to line number 40
  3. Update the parameter value as below
    <input name="st" type="hidden" value="${fn:escapeXml(param.st)}"/>
  4. Before the update, the line appeared as below
    <input name="st" type="hidden" value="${param.st}"/>
  5. After the update, the line should appear as below:
    <input name="st" type="hidden" value="${fn:escapeXml(param.st)}"/>
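
As an added example (not from Zimbra's advisory or the original article), the following Python script checks JSP text for request parameters used without fn:escapeXml(), the pattern the manual fix removes, and generalizes from the `st` parameter to any `${param.…}` reference. The function name and sample fragments are constructed for illustration, and the check is a heuristic that does not recognise tags that escape on their own, such as c:out.

```python
import re
import sys

# Any EL expression ${...}; its body is inspected separately.
EL_EXPR = re.compile(r"\$\{([^}]*)\}")
# A request-parameter reference such as param.st or param['st'].
PARAM_REF = re.compile(r"\bparam(?:\.\w+|\[[^\]]+\])")
# The same reference passed directly to fn:escapeXml(), as in the fixed line.
ESCAPED_REF = re.compile(r"fn:escapeXml\(\s*param(?:\.\w+|\[[^\]]+\])\s*\)")

# Constructed fragments modelled on the before/after lines quoted above.
SAMPLE_BEFORE = """<form method="post">
<input name="st" type="hidden" value="${param.st}"/>
</form>"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace("${param.st}", "${fn:escapeXml(param.st)}")


def find_unescaped_params(jsp_text):
    """Return (line_number, expression) for every EL expression that uses a
    request parameter outside fn:escapeXml(). Heuristic: expressions used
    only in conditions are reported too and need manual review."""
    findings = []
    for lineno, line in enumerate(jsp_text.splitlines(), start=1):
        for match in EL_EXPR.finditer(line):
            # Remove escaped references; a parameter left over is used raw.
            remainder = ESCAPED_REF.sub("", match.group(1))
            if PARAM_REF.search(remainder):
                findings.append((lineno, match.group(0)))
    return findings


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise run on the samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            targets = {sys.argv[1]: fh.read()}
    else:
        targets = {"before fix": SAMPLE_BEFORE, "after fix": SAMPLE_AFTER}
    for name, text in targets.items():
        hits = find_unescaped_params(text)
        for lineno, expr in hits:
            print(f"{name}: line {lineno}: unescaped {expr}")
        if not hits:
            print(f"{name}: no unescaped request parameters found")
```

Run against a copy of the file on each mailbox node after editing; an empty result for the `st` line indicates the escaped form is in place.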
