Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zammad zammad vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-29868
Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions.
Zammad Zammad
490
VMScore
CVE-2020-14213
In Zammad prior to 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge).
Zammad Zammad
516
VMScore
CVE-2020-14214
Zammad prior to 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization.
Zammad Zammad
445
VMScore
CVE-2020-10096
An issue exists in Zammad 3.0 up to and including 3.2. It does not prevent caching of confidential data within browser memory. An attacker who either remotely compromises or obtains physical access to a user's workstation can browse the browser cache contents and obtain sens...
Zammad Zammad
312
VMScore
CVE-2020-10099
An XSS issue exists in Zammad 3.0 up to and including 3.2. Malicious code can be provided by a low-privileged user through the Ticket functionality in Zammad. The malicious JavaScript will execute within the browser of any user who opens the ticket or has the ticket within the To...
Zammad Zammad
356
VMScore
CVE-2020-26034
An account-enumeration issue exists in Zammad prior to 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized...
Zammad Zammad
383
VMScore
CVE-2021-35298
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote malicious users to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information.
Zammad Zammad
445
VMScore
CVE-2021-35299
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows malicious users to obtain sensitive information via email connection configuration probing.
Zammad Zammad
445
VMScore
CVE-2021-35301
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote malicious users to obtain sensitive information via the Ticket Article detail view.
Zammad Zammad
356
VMScore
CVE-2020-26028
An issue exists in Zammad prior to 3.4.1. Admin Users without a ticket.* permission can access Tickets.
Zammad Zammad
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »