zammad zammad 1.1.2 vulnerabilities and exploits
4.3
CVSSv2
CVE-2017-5621
An issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using either the REST API or the WebSocket API.
Zammad Zammad 1.1.0
Zammad Zammad 1.1.1
Zammad Zammad 1.1.2
Zammad Zammad 1.2.0
Zammad Zammad
7.5
CVSSv2
CVE-2017-6080
An issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users wi...
Zammad Zammad
Zammad Zammad 1.1.0
Zammad Zammad 1.1.1
Zammad Zammad 1.1.2
Zammad Zammad 1.2.0
4.3
CVSSv2
CVE-2017-5620
An XSS issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application.
Zammad Zammad
Zammad Zammad 1.1.0
Zammad Zammad 1.1.1
Zammad Zammad 1.1.2
Zammad Zammad 1.2.0
6.8
CVSSv2
CVE-2017-6081
A CSRF issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie.
Zammad Zammad 1.1.0
Zammad Zammad 1.1.2
Zammad Zammad
Zammad Zammad 1.1.1
Zammad Zammad 1.2.0
7.5
CVSSv2
CVE-2017-5619
An issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. Attackers can log in with the hashed password itself (e.g., from the DB) instead of the valid password string.
Zammad Zammad 1.1.1
Zammad Zammad 1.1.2
Zammad Zammad 1.2.0
Zammad Zammad
Zammad Zammad 1.1.0