zammad vulnerabilities and exploits
CVSSv2: 4.3
CVE-2017-5620
An XSS issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application.
Zammad Zammad
Zammad Zammad 1.1.0
Zammad Zammad 1.1.1
Zammad Zammad 1.1.2
Zammad Zammad 1.2.0
CVSSv2: 4.3
CVE-2017-5621
An issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using either the REST API or the WebSocket API.
Zammad Zammad 1.1.0
Zammad Zammad 1.1.1
Zammad Zammad 1.1.2
Zammad Zammad 1.2.0
Zammad Zammad
CVSSv2: 7.5
CVE-2017-6080
An issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users wi...
Zammad Zammad
Zammad Zammad 1.1.0
Zammad Zammad 1.1.1
Zammad Zammad 1.1.2
Zammad Zammad 1.2.0
CVSSv2: 7.5
CVE-2017-5619
An issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. Attackers can log in with the hashed password itself (e.g., from the DB) instead of the valid password string.
Zammad Zammad 1.1.1
Zammad Zammad 1.1.2
Zammad Zammad 1.2.0
Zammad Zammad
Zammad Zammad 1.1.0
CVSSv2: 6.8
CVE-2017-6081
A CSRF issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie.
Zammad Zammad 1.1.0
Zammad Zammad 1.1.2
Zammad Zammad
Zammad Zammad 1.1.1
Zammad Zammad 1.2.0
CVSSv2: 4.3
CVE-2019-1010018
Zammad GmbH Zammad 2.3.0 and previous versions are affected by: Cross Site Scripting (XSS) - CWE-80. The impact is: Execute JavaScript code in the user's browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1...
Zammad Zammad
Zammad Zammad 2.3.0
NA
CVE-2023-50456
An issue exists in Zammad prior to 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name.
Zammad Zammad 6.1.0
Zammad Zammad 6.2.0
NA
CVE-2023-50457
An issue exists in Zammad prior to 6.2.0. When listing tickets linked to a knowledge base answer, or knowledge base answers of a ticket, a user could see entries for which they lack permissions.
Zammad Zammad 6.1.0
Zammad Zammad 6.2.0
NA
CVE-2023-50453
An issue exists in Zammad prior to 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public.
Zammad Zammad 6.1.0
Zammad Zammad 6.2.0
NA
CVE-2023-50454
An issue exists in Zammad prior to 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers.
Zammad Zammad 6.1.0
Zammad Zammad 6.2.0