Zimbra versions prior to 8.7 suffer from cross site request forgery vulnerabilities in the administrative interface.
d6689d77ee727b28e003d53bf04a4ea2dd4a9bd53747584c37e1020955d450ec
Zimbra versions 8.0.9 GA and below suffer from a cross site request forgery vulnerability.
0da0fe882cf7354bdf4be9e8dafb2bb44b40c75b431e52698d358584cb94db05