Vulmon
zammad zammad vulnerabilities and exploits
3.5
CVSSv2
CVE-2021-42085
An issue exists in Zammad prior to 4.1.1. There is stored XSS via a custom Avatar.
Zammad Zammad
4
CVSSv2
CVE-2021-42087
An issue exists in Zammad prior to 4.1.1. An admin can discover the application secret via the API.
Zammad Zammad
5
CVSSv2
CVE-2021-42089
An issue exists in Zammad prior to 4.1.1. The REST API discloses sensitive information.
Zammad Zammad
7.5
CVSSv2
CVE-2021-42090
An issue exists in Zammad prior to 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.
Zammad Zammad
6.4
CVSSv2
CVE-2021-42091
An issue exists in Zammad prior to 4.1.1. SSRF can occur via GitHub or GitLab integration.
Zammad Zammad
3.5
CVSSv2
CVE-2021-42092
An issue exists in Zammad prior to 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.
Zammad Zammad
6.5
CVSSv2
CVE-2021-42093
An issue exists in Zammad prior to 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers.
Zammad Zammad
7.5
CVSSv2
CVE-2021-42094
An issue exists in Zammad prior to 4.1.1. Command Injection can occur via custom Packages.
Zammad Zammad
5
CVSSv2
CVE-2021-42137
An issue exists in Zammad prior to 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc.
Zammad Zammad
3.5
CVSSv2
CVE-2020-10102
An issue exists in Zammad 3.0 up to and including 3.2. The Forgot Password functionality is implemented in a way that would enable an anonymous user to guess valid user emails. In the current implementation, the application responds differently depending on whether the input supp...
Zammad Zammad