HomeIntelligenceBrief
VULNERABILITY BRIEF🔴 Critical Vulnerability

Critical Stored XSS Flaw in Zimbra Classic Web Client Could Expose Mailboxes

Zimbra patched a critical stored XSS vulnerability in its Classic Web Client (v10.1.19) that could let malicious emails execute code and steal mailbox data. The flaw highlights the need for rapid patching and evidence‑driven SOC 2 compliance.

LiveThreat™ Intelligence · 📅 July 11, 2026· 📰 securityaffairs.com
🔴
Severity
Critical
VU
Type
Vulnerability
🎯
Confidence
High
🏢
Affected
2 sector(s)
Actions
4 recommended
📰
Source
securityaffairs.com

Critical Stored XSS Flaw in Zimbra Classic Web Client Could Expose Mailboxes

What Happened — Zimbra released version 10.1.19 to patch a critical stored cross‑site scripting (XSS) vulnerability in its Classic Web Client. The flaw allows a malicious email to execute JavaScript in the victim’s browser when opened, potentially exposing mailbox contents, session tokens, and account settings. No CVE ID has been assigned yet, and there is no public evidence of active exploitation.

Why It Matters for Compliance & Audit Readiness

  • The scenario maps directly to SOC 2 CC6.1 (Logical Access) and CC7.1 (System Operations) controls that require protection against client‑side code injection and continuous monitoring of software patches.
  • Demonstrating timely remediation (patching to 10.1.19) provides audit‑ready evidence of a robust vulnerability‑management process.
  • Leveraging Verisq’s Control Mapping capability helps you align this patch‑event to your SOC 2 control matrix and generate continuous evidence for auditors.

Who Is Affected — Organizations that run Zimbra Collaboration Suite (ZCS) Classic Web Client, spanning SaaS providers, education institutions, government agencies, and any enterprise relying on on‑prem or hosted email services.

Recommended Actions

  • Verify your ZCS version; upgrade immediately to 10.1.19 or later.
  • Document the patch deployment in your change‑management system and map it to SOC 2 CC6.1/CC7.1 controls.
  • Enable web‑application firewalls or content‑security policies to mitigate XSS while patches are applied.
  • Incorporate the patch event into your continuous compliance dashboard for audit evidence.

Technical Notes — The vulnerability is a stored XSS in the Classic UI that triggers when a specially crafted email is opened. Exploitation can harvest credentials, session tokens, 2FA codes, and up to 90 days of mailbox data. Google’s Threat Analysis Group discovered the issue; related CVEs (e.g., CVE‑2025‑66376) have been previously exploited by APT28 in phishing campaigns. Source: SecurityAffairs

📰 Original Source
https://securityaffairs.com/195130/hacking/update-now-critical-zimbra-classic-web-client-flaw-could-expose-mailboxes.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Trust Operations

Every gap like this maps to a control you can evidence.

The Verisq AI Trust Operations platform maps incidents to your control framework and collects the evidence continuously — so your Trust Center shows proof, not promises, when a buyer or auditor asks.

Explore the Verisq AI Trust Operations platform →