Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zammad zammad vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2021-42085
An issue exists in Zammad prior to 4.1.1. There is stored XSS via a custom Avatar.
Zammad Zammad
8.8
CVSSv3
CVE-2021-42086
An issue exists in Zammad prior to 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request.
Zammad Zammad
4.9
CVSSv3
CVE-2021-42087
An issue exists in Zammad prior to 4.1.1. An admin can discover the application secret via the API.
Zammad Zammad
6.5
CVSSv3
CVE-2021-42084
An issue exists in Zammad prior to 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.
Zammad Zammad
7.5
CVSSv3
CVE-2021-42089
An issue exists in Zammad prior to 4.1.1. The REST API discloses sensitive information.
Zammad Zammad
5.4
CVSSv3
CVE-2021-42092
An issue exists in Zammad prior to 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.
Zammad Zammad
9.8
CVSSv3
CVE-2021-42094
An issue exists in Zammad prior to 4.1.1. Command Injection can occur via custom Packages.
Zammad Zammad
9.8
CVSSv3
CVE-2020-26030
An issue exists in Zammad prior to 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users.
Zammad Zammad
5.3
CVSSv3
CVE-2020-10097
An issue exists in Zammad 3.0 up to and including 3.2. It may respond with verbose error messages that disclose internal application or infrastructure information. This information could aid attackers in successfully exploiting other vulnerabilities.
Zammad Zammad
7.5
CVSSv3
CVE-2020-10101
An issue exists in Zammad 3.0 up to and including 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process.
Zammad Zammad
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »