Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zammad zammad vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-26032
An SSRF issue exists in Zammad prior to 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can use this to request any URL via a GET request from the network interface of the server. ...
Zammad Zammad
5.8
CVSSv2
CVE-2020-26033
An issue exists in Zammad prior to 3.4.1. The Tag and Link REST API endpoints (for add and delete) lack a CSRF token check.
Zammad Zammad
4
CVSSv2
CVE-2020-26034
An account-enumeration issue exists in Zammad prior to 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized...
Zammad Zammad
3.5
CVSSv2
CVE-2020-26035
An issue exists in Zammad prior to 3.4.1. There is Stored XSS via a Tags element in a TIcket.
Zammad Zammad
3.5
CVSSv2
CVE-2021-42085
An issue exists in Zammad prior to 4.1.1. There is stored XSS via a custom Avatar.
Zammad Zammad
4
CVSSv2
CVE-2021-42087
An issue exists in Zammad prior to 4.1.1. An admin can discover the application secret via the API.
Zammad Zammad
7.5
CVSSv2
CVE-2021-42090
An issue exists in Zammad prior to 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.
Zammad Zammad
3.5
CVSSv2
CVE-2021-42092
An issue exists in Zammad prior to 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.
Zammad Zammad
6.5
CVSSv2
CVE-2021-42093
An issue exists in Zammad prior to 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers.
Zammad Zammad
5
CVSSv2
CVE-2021-42137
An issue exists in Zammad prior to 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc.
Zammad Zammad
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »