Zimbra Collaboration prior to 8.8.15 Patch 1 is vulnerable to a non-persistent XSS via the Admin Console.
zimbra collaboration server