Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.
https://thehackernews.com/2026/07/critical-zimbra-flaw-could-let-crafted_0483473395.html
https://www.ic3.gov/Media/News/2024/241010.pdf
https://www.darkreading.com/cyberattacks-data-breaches/recent-zimbra-rce-under-attack-patch-now
https://thehackernews.com/2023/11/zero-day-flaw-in-zimbra-email-software.html