Vulmon
zammad vulnerabilities and exploits
5.4
CVSSv3
CVE-2021-42085
An issue exists in Zammad prior to 4.1.1. There is stored XSS via a custom Avatar.
Zammad Zammad
4.9
CVSSv3
CVE-2021-42087
An issue exists in Zammad prior to 4.1.1. An admin can discover the application secret via the API.
Zammad Zammad
7.2
CVSSv3
CVE-2021-42093
An issue exists in Zammad prior to 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers.
Zammad Zammad
6.5
CVSSv3
CVE-2023-31597
An issue in Zammad v5.4.0 allows malicious users to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets.
Zammad Zammad
4.3
CVSSv3
CVE-2020-29158
An issue exists in Zammad prior to 3.5.1. An Agent with Customer permissions in a Group can bypass intended access control on internal Articles via the Ticket detail view.
Zammad Zammad
4.9
CVSSv3
CVE-2020-29159
An issue exists in Zammad prior to 3.5.1. The default signup Role (for newly created Users) can be a privileged Role, if configured by an admin. This behavior was unintended.
Zammad Zammad
6.5
CVSSv3
CVE-2020-26029
An issue exists in Zammad prior to 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of. The authorization checks are performed for the actual user and not the one given in the X-On-Behalf-Of header.
Zammad Zammad
9.8
CVSSv3
CVE-2020-26030
An issue exists in Zammad prior to 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users.
Zammad Zammad
4.3
CVSSv3
CVE-2020-26034
An account-enumeration issue exists in Zammad prior to 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized...
Zammad Zammad
6.1
CVSSv3
CVE-2021-35298
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote malicious users to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information.
Zammad Zammad