Zimbra and Cisco have reported on critical security vulnerabilities impacting their respective products, reports The Hacker News. Threat actors could leverage the cross-site scripting flaw in Zimbra Collaboration Suite Version 8.8.15 to facilitate data compromise, according to Zimbra, which has already addressed the flaw via input sanitization but urged users to manually fix the bug amid the imminent arrival of a patch. Attacks exploiting the flaw have been noted by Google Threat Analysis Group researcher Maddie Stone. On the other hand, Cisco has already patched the critical SD-WAN vManage software flaw, tracked as CVE-2023-20214, which could be abused to provide read and write permissions to later enable information retrieval efforts. "A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance," said Cisco, which emphasized that there has been no evidence suggesting any active exploitation of the addressed vulnerability.