Vulmon
zammad vulnerabilities and exploits
6.5
CVSSv2
CVE-2021-42093
An issue exists in Zammad prior to 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers.
Zammad Zammad
7.5
CVSSv2
CVE-2021-42094
An issue exists in Zammad prior to 4.1.1. Command Injection can occur via custom Packages.
Zammad Zammad
5
CVSSv2
CVE-2021-42137
An issue exists in Zammad prior to 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc.
Zammad Zammad
3.5
CVSSv2
CVE-2020-10099
An XSS issue exists in Zammad 3.0 up to and including 3.2. Malicious code can be provided by a low-privileged user through the Ticket functionality in Zammad. The malicious JavaScript will execute within the browser of any user who opens the ticket or has the ticket within the To...
Zammad Zammad
3.5
CVSSv2
CVE-2020-10102
An issue exists in Zammad 3.0 up to and including 3.2. The Forgot Password functionality is implemented in a way that would enable an anonymous user to guess valid user emails. In the current implementation, the application responds differently depending on whether the input supp...
Zammad Zammad
NA
CVE-2023-31597
An issue in Zammad v5.4.0 allows malicious users to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets.
Zammad Zammad
4
CVSSv2
CVE-2020-26029
An issue exists in Zammad prior to 3.4.1. There are wrong authorization checks for impersonation requests via X-On-Behalf-Of. The authorization checks are performed for the actual user and not the one given in the X-On-Behalf-Of header.
Zammad Zammad
4
CVSSv2
CVE-2020-26031
An issue exists in Zammad prior to 3.4.1. The global-search feature leaks Knowledge Base drafts to Knowledge Base readers (who are authenticated but have insufficient permissions).
Zammad Zammad
3.5
CVSSv2
CVE-2020-26035
An issue exists in Zammad prior to 3.4.1. There is Stored XSS via a Tags element in a Ticket.
Zammad Zammad
5.5
CVSSv2
CVE-2020-14213
In Zammad prior to 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge).
Zammad Zammad