Zimbra, a popular email and collaboration suite, has released patches for a cross-site scripting (XSS) vulnerability, tracked as CVE-2023-37580, that has been exploited in attacks. The vulnerability was disclosed earlier this month, and in-the-wild exploitation had already been observed. Zimbra has now issued software updates for its Collaboration Suite versions 8.8.15, 9.0.0, and 10.0.x; the fix for the XSS vulnerability is included in version 8.8.15 patch 41. The update also addresses two other vulnerabilities, CVE-2023-38750 and CVE-2023-0464. The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-37580 to its Known Exploited Vulnerabilities Catalog and issued a directive requiring federal agencies to apply the available fixes by August 17, 2023.
Read more: https://www.securityweek.com/zimbra-patches-exploited-zero-day-vulnerability/