Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zammad zammad vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2023-50457
An issue exists in Zammad prior to 6.2.0. When listing tickets linked to a knowledge base answer, or knowledge base answers of a ticket, a user could see entries for which they lack permissions.
Zammad Zammad 6.1.0
Zammad Zammad 6.2.0
6.1
CVSSv3
CVE-2018-1000154
Zammad GmbH Zammad version 2.3.0 and previous versions contains a Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability in the subject of emails which are not html quoted in certain cases. This can result in the embedding and execution of java s...
Zammad Zammad
4.3
CVSSv3
CVE-2022-27331
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users.
Zammad Zammad
6.5
CVSSv3
CVE-2021-42084
An issue exists in Zammad prior to 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.
Zammad Zammad
8.8
CVSSv3
CVE-2021-42086
An issue exists in Zammad prior to 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request.
Zammad Zammad
6.1
CVSSv3
CVE-2021-42088
An issue exists in Zammad prior to 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled.
Zammad Zammad
7.5
CVSSv3
CVE-2021-42089
An issue exists in Zammad prior to 4.1.1. The REST API discloses sensitive information.
Zammad Zammad
9.8
CVSSv3
CVE-2021-42090
An issue exists in Zammad prior to 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.
Zammad Zammad
9.1
CVSSv3
CVE-2021-42091
An issue exists in Zammad prior to 4.1.1. SSRF can occur via GitHub or GitLab integration.
Zammad Zammad
5.4
CVSSv3
CVE-2021-42092
An issue exists in Zammad prior to 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.
Zammad Zammad
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5248
CVE-2024-3110
CVE-2024-5552
CVE-2024-29415
HTML injection
CVE-2024-3095
TCP
type confusion
CVE-2024-1800
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »