A new zero-day exploit has been identified that affects Zimbra 8.8.15. Since becoming aware of the reported vulnerability, Zimbra Engineering has verified the issue and produced a patch (for 8.8.15 p30).
Since last week we have been applying the patch to the different Zimbra services that use this version, solving any security problems that may arise.
More information about this issue here: https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/
If you require more information about this problem, do not hesitate to contact our support service on our customer service portal: