Zimbra 10.1.19 patches Classic Web Client stored XSS, TAG-reported
Zimbra shipped Daffodil 10.1.19 on July 7 to fix a stored XSS in the Classic Web Client where a crafted email runs JavaScript in the recipient's mailbox session. Reporter: Google TAG. No CVE assigned.