CVE-2008-1226

Multiple cross-site scripting XSS vulnerabilities in Zimbra Collaboration Suite ZCS 4.0.3, 4.5.6, and possibly other versions before 4.5.10 allow remote attackers to inject arbitrary web script or HTML via an e-mail attachment, possibly involving a 1 .jpg or 2 .gif image attachment...