CVE-2021-35207
CVE-2021-35207 reports an XSS in the Zimbra Web Client login component. A attacker could inject executable JavaScript via the loginErrorCode parameter in the login URL to trigger client-side script execution. Affected software includes Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23 and 9...