In Zimbra Collaboration prior to 8.8.15 Patch 1, there is a non-persistent XSS vulnerability.
zimbra collaboration server
zimbra collaboration server 8.8.15