Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zammad zammad vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2020-10103
An XSS issue exists in Zammad 3.0 up to and including 3.2. Malicious code can be provided by a low-privileged user through the File Upload functionality in Zammad. The malicious JavaScript will execute within the browser of any user who opens a specially crafted link to the uploa...
Zammad Zammad
445
VMScore
CVE-2021-35301
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote malicious users to obtain sensitive information via the Ticket Article detail view.
Zammad Zammad
NA
CVE-2023-31597
An issue in Zammad v5.4.0 allows malicious users to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets.
Zammad Zammad
383
VMScore
CVE-2018-1000154
Zammad GmbH Zammad version 2.3.0 and previous versions contains a Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability in the subject of emails which are not html quoted in certain cases. This can result in the embedding and execution of java s...
Zammad Zammad
356
VMScore
CVE-2020-29159
An issue exists in Zammad prior to 3.5.1. The default signup Role (for newly created Users) can be a privileged Role, if configured by an admin. This behvaior was unintended.
Zammad Zammad
NA
CVE-2023-29867
Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API.
Zammad Zammad
490
VMScore
CVE-2020-14213
In Zammad prior to 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge).
Zammad Zammad
516
VMScore
CVE-2020-14214
Zammad prior to 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization.
Zammad Zammad
356
VMScore
CVE-2020-29158
An issue exists in Zammad prior to 3.5.1. An Agent with Customer permissions in a Group can bypass intended access control on internal Articles via the Ticket detail view.
Zammad Zammad
445
VMScore
CVE-2020-29160
An issue exists in Zammad prior to 3.5.1. A REST API call allows an malicious user to change Ticket Article data in a way that defeats auditing.
Zammad Zammad
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »