Email platform Zimbra issues hotfix for XSS vulnerability under active exploitation