Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zammad vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2020-14214
Zammad prior to 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization.
Zammad Zammad
6.1
CVSSv3
CVE-2021-42088
An issue exists in Zammad prior to 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled.
Zammad Zammad
7.5
CVSSv3
CVE-2021-42089
An issue exists in Zammad prior to 4.1.1. The REST API discloses sensitive information.
Zammad Zammad
9.1
CVSSv3
CVE-2021-42091
An issue exists in Zammad prior to 4.1.1. SSRF can occur via GitHub or GitLab integration.
Zammad Zammad
7.2
CVSSv3
CVE-2021-42093
An issue exists in Zammad prior to 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers.
Zammad Zammad
9.8
CVSSv3
CVE-2021-42094
An issue exists in Zammad prior to 4.1.1. Command Injection can occur via custom Packages.
Zammad Zammad
5.4
CVSSv3
CVE-2020-14213
In Zammad prior to 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge).
Zammad Zammad
6.1
CVSSv3
CVE-2021-35298
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote malicious users to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information.
Zammad Zammad
6.1
CVSSv3
CVE-2021-35303
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote malicious users to execute arbitrary web script or HTML via the User Avatar attribute.
Zammad Zammad
4.9
CVSSv3
CVE-2020-26028
An issue exists in Zammad prior to 3.4.1. Admin Users without a ticket.* permission can access Tickets.
Zammad Zammad
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907
hardcoded
inject
CVE-2024-20359
CVE-2024-2467
CVE-2024-4077
CVE-2024-22391
camera
CVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »