Zimbra Vulnerability Exploited in the Wild

Zimbra has patched a vulnerability exploited by several threat actors.

Google TAG’s recent discovery reveals a 0-day exploit, CVE-2023-37580, targeting Zimbra Collaboration. This is a Cross-Site Scripting (XSS) vulnerability exploited in four campaigns. Zero-day discovery was patched. A severe vulnerability has been discovered in the Zimbra email software. Four hacker groups exploited vulnerabilities to steal email data, user credentials, and tokens. According to the Google…

Discovery of XSS vulnerability on iCloud website brought expert $5,000

Vishal Bharad, an Indian bug hunter and pentester, explained in a blog post how he discovered an XSS vulnerability on iCloud.com. Initially, the researcher searched the site for vulnerabilities related to CSRF (Cross-Site Request Forgery), IDOR (Insecure Direct Object Reference), logical errors, and so on, but discovered an XSS vulnerability by accident. The vulnerability was present…

Researcher Earned $10,000 by Finding XSS Vulnerability in Google Maps

Israeli cybersecurity specialist Zohar Shachar talked about his discovery of an XSS vulnerability in Google Maps in 2019, and how he then found out that Google had been unable to fix it the first time. The issue was related to the Google Maps feature that allows users to create their own maps. Such maps can be exported in…