Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zammad vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2017-5621
An issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using either the REST API or the WebSocket API.
Zammad Zammad 1.1.0
Zammad Zammad 1.1.1
Zammad Zammad 1.1.2
Zammad Zammad 1.2.0
Zammad Zammad
6.8
CVSSv2
CVE-2017-6081
A CSRF issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie.
Zammad Zammad 1.1.0
Zammad Zammad 1.1.2
Zammad Zammad
Zammad Zammad 1.1.1
Zammad Zammad 1.2.0
4.3
CVSSv2
CVE-2017-5620
An XSS issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application.
Zammad Zammad
Zammad Zammad 1.1.0
Zammad Zammad 1.1.1
Zammad Zammad 1.1.2
Zammad Zammad 1.2.0
7.5
CVSSv2
CVE-2017-6080
An issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users wi...
Zammad Zammad
Zammad Zammad 1.1.0
Zammad Zammad 1.1.1
Zammad Zammad 1.1.2
Zammad Zammad 1.2.0
7.5
CVSSv2
CVE-2017-5619
An issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. Attackers can login with the hashed password itself (e.g., from the DB) instead of the valid password string.
Zammad Zammad 1.1.1
Zammad Zammad 1.1.2
Zammad Zammad 1.2.0
Zammad Zammad
Zammad Zammad 1.1.0
4.3
CVSSv2
CVE-2019-1010018
Zammad GmbH Zammad 2.3.0 and previous versions is affected by: Cross Site Scripting (XSS) - CWE-80. The impact is: Execute java script code on users browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1...
Zammad Zammad
Zammad Zammad 2.3.0
NA
CVE-2023-50453
An issue exists in Zammad prior to 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public.
Zammad Zammad 6.1.0
Zammad Zammad 6.2.0
NA
CVE-2023-50454
An issue exists in Zammad prior to 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers.
Zammad Zammad 6.1.0
Zammad Zammad 6.2.0
NA
CVE-2023-50455
An issue exists in Zammad prior to 6.2.0. Due to lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address to cause Denial Of Service (generation of many emails, which would also spam the victim).
Zammad Zammad 6.1.0
Zammad Zammad 6.2.0
NA
CVE-2023-50456
An issue exists in Zammad prior to 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name.
Zammad Zammad 6.1.0
Zammad Zammad 6.2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977
IMAP
local users
CVE-2024-32038
CVE-2023-49963
CVE-2023-22869
CVE-2024-31497
local
CVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »