Email-Security
Zimbra Patches Classic Web Client Stored XSS Reported by Google TAG
Zimbra shipped 10.1.19 to fix an unauthenticated stored XSS in the Classic Web Client, reachable by simply opening a crafted email — no CVE assigned yet, reported by Google's Threat Analysis Group.