Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zammad vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2020-10105
An issue exists in Zammad 3.0 up to and including 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an malicious user to formulate more precise attacks. Source code was disclosed for...
Zammad Zammad
6.1
CVSSv3
CVE-2021-35298
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote malicious users to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information.
Zammad Zammad
7.5
CVSSv3
CVE-2021-35299
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows malicious users to obtain sensitive information via email connection configuration probing.
Zammad Zammad
4.3
CVSSv3
CVE-2021-35300
Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote malicious users to manipulate users into visiting the attackers' page.
Zammad Zammad
5.3
CVSSv3
CVE-2021-35301
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote malicious users to obtain sensitive information via the Ticket Article detail view.
Zammad Zammad
5.3
CVSSv3
CVE-2021-35302
Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote malicious users to obtain sensitive information.
Zammad Zammad
6.1
CVSSv3
CVE-2021-35303
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote malicious users to execute arbitrary web script or HTML via the User Avatar attribute.
Zammad Zammad
9.1
CVSSv3
CVE-2022-27332
An access control issue in Zammad v5.0.3 allows malicious users to write entries to the CTI caller log without authentication. This vulnerability can allow malicious users to execute phishing attacks or cause a Denial of Service (DoS).
Zammad Zammad
6.5
CVSSv3
CVE-2023-29867
Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API.
Zammad Zammad
6.5
CVSSv3
CVE-2023-29868
Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions.
Zammad Zammad
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »