1 story taggedXSS.
A stored cross-site scripting bug in Zimbra's Classic Web Client can hijack a user's session the moment a rigged email is opened.