Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zammad vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2021-35301
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote malicious users to obtain sensitive information via the Ticket Article detail view.
Zammad Zammad
6.1
CVSSv3
CVE-2021-35303
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote malicious users to execute arbitrary web script or HTML via the User Avatar attribute.
Zammad Zammad
5.3
CVSSv3
CVE-2020-10097
An issue exists in Zammad 3.0 up to and including 3.2. It may respond with verbose error messages that disclose internal application or infrastructure information. This information could aid attackers in successfully exploiting other vulnerabilities.
Zammad Zammad
5.4
CVSSv3
CVE-2020-10098
An XSS issue exists in Zammad 3.0 up to and including 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the browser of any user who opens the Ticket with the Article created from that Email.
Zammad Zammad
7.5
CVSSv3
CVE-2020-10101
An issue exists in Zammad 3.0 up to and including 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process.
Zammad Zammad
5.3
CVSSv3
CVE-2020-10102
An issue exists in Zammad 3.0 up to and including 3.2. The Forgot Password functionality is implemented in a way that would enable an anonymous user to guess valid user emails. In the current implementation, the application responds differently depending on whether the input supp...
Zammad Zammad
6.5
CVSSv3
CVE-2023-29867
Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API.
Zammad Zammad
9.1
CVSSv3
CVE-2022-27332
An access control issue in Zammad v5.0.3 allows malicious users to write entries to the CTI caller log without authentication. This vulnerability can allow malicious users to execute phishing attacks or cause a Denial of Service (DoS).
Zammad Zammad
5.4
CVSSv3
CVE-2020-14213
In Zammad prior to 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge).
Zammad Zammad
6.5
CVSSv3
CVE-2020-14214
Zammad prior to 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization.
Zammad Zammad
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »