Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zammad vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv3
CVE-2023-50457
An issue exists in Zammad prior to 6.2.0. When listing tickets linked to a knowledge base answer, or knowledge base answers of a ticket, a user could see entries for which they lack permissions.
Zammad Zammad 6.1.0
Zammad Zammad 6.2.0
4.3
CVSSv3
CVE-2020-29158
An issue exists in Zammad prior to 3.5.1. An Agent with Customer permissions in a Group can bypass intended access control on internal Articles via the Ticket detail view.
Zammad Zammad
4.9
CVSSv3
CVE-2020-29159
An issue exists in Zammad prior to 3.5.1. The default signup Role (for newly created Users) can be a privileged Role, if configured by an admin. This behvaior was unintended.
Zammad Zammad
7.5
CVSSv3
CVE-2020-29160
An issue exists in Zammad prior to 3.5.1. A REST API call allows an malicious user to change Ticket Article data in a way that defeats auditing.
Zammad Zammad
6.1
CVSSv3
CVE-2021-35298
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote malicious users to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information.
Zammad Zammad
7.5
CVSSv3
CVE-2021-35299
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows malicious users to obtain sensitive information via email connection configuration probing.
Zammad Zammad
5.3
CVSSv3
CVE-2021-35301
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote malicious users to obtain sensitive information via the Ticket Article detail view.
Zammad Zammad
5.3
CVSSv3
CVE-2021-35302
Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote malicious users to obtain sensitive information.
Zammad Zammad
6.1
CVSSv3
CVE-2018-1000154
Zammad GmbH Zammad version 2.3.0 and previous versions contains a Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability in the subject of emails which are not html quoted in certain cases. This can result in the embedding and execution of java s...
Zammad Zammad
6.5
CVSSv3
CVE-2021-42084
An issue exists in Zammad prior to 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.
Zammad Zammad
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »