Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zammad zammad 1.1.0 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-6081
A CSRF issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie.
Zammad Zammad 1.1.0
Zammad Zammad 1.1.2
Zammad Zammad
Zammad Zammad 1.1.1
Zammad Zammad 1.2.0
6.1
CVSSv3
CVE-2017-5620
An XSS issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application.
Zammad Zammad
Zammad Zammad 1.1.0
Zammad Zammad 1.1.1
Zammad Zammad 1.1.2
Zammad Zammad 1.2.0
9.8
CVSSv3
CVE-2017-6080
An issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users wi...
Zammad Zammad
Zammad Zammad 1.1.0
Zammad Zammad 1.1.1
Zammad Zammad 1.1.2
Zammad Zammad 1.2.0
9.8
CVSSv3
CVE-2017-5619
An issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. Attackers can login with the hashed password itself (e.g., from the DB) instead of the valid password string.
Zammad Zammad 1.1.1
Zammad Zammad 1.1.2
Zammad Zammad 1.2.0
Zammad Zammad
Zammad Zammad 1.1.0
6.1
CVSSv3
CVE-2017-5621
An issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using either the REST API or the WebSocket API.
Zammad Zammad 1.1.0
Zammad Zammad 1.1.1
Zammad Zammad 1.1.2
Zammad Zammad 1.2.0
Zammad Zammad
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started