Conversation
I guess I have to add another item to my "reflective XSS exploited in the wild" list (still less than 5 elements though)

https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/
3
2
4

@buherator LOL I have the same bias against reflected XSS 😅

0
1
0

@buherator it's the second I am aware of but I'm out of the loop in regards to breaches nowadays.

1
1
1
@ret2bed Do you have a link? I remember one affecting the issue tracker of Apache, but coldn't find it. I'm thinking about creating a tracking repo similar to AVPWN.

/cc @raptor
1
0
0

@buherator @raptor that was exactly the one I was thinking about. It's been ages. Unfortunately I don't have a link but I can check

1
1
0