A vulnerability in Synacor Zimbra Collaboration allows an attacker to perform remote indirect code injection (Cross-Site Scripting - XSS).