Hello Zimbra Friends, Customers & Partners,
|Summary||CVE-ID||CVSS Score||Zimbra Rating||Fix Patch Version|
|XSS through malicious JS embedded in Mail Message or Calendar Event||CVE-2020-11737||3.1||Minor||9.0.0 P2|
For Zimbra 9.0.0 patches, you don’t need to download any patch builds. The patch packages can be installed using Linux package management commands. Please refer to the release notes for Zimbra 9.0.0 Patch 2 installation on Red Hat and Ubuntu platforms.
Note: Installing a zimbra-patch package only updates the Zimbra core packages.
Your Zimbra Team