zammad vulnerabilities and exploits
8.8
CVSSv3
CVE-2017-6081
A CSRF issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie.
Zammad Zammad 1.1.0
Zammad Zammad 1.1.2
Zammad Zammad
Zammad Zammad 1.1.1
Zammad Zammad 1.2.0
9.8
CVSSv3
CVE-2017-6080
An issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users wi...
Zammad Zammad
Zammad Zammad 1.1.0
Zammad Zammad 1.1.1
Zammad Zammad 1.1.2
Zammad Zammad 1.2.0
6.1
CVSSv3
CVE-2017-5621
An issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using either the REST API or the WebSocket API.
Zammad Zammad 1.1.0
Zammad Zammad 1.1.1
Zammad Zammad 1.1.2
Zammad Zammad 1.2.0
Zammad Zammad
9.8
CVSSv3
CVE-2017-5619
An issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. Attackers can log in with the hashed password itself (e.g., from the DB) instead of the valid password string.
Zammad Zammad 1.1.1
Zammad Zammad 1.1.2
Zammad Zammad 1.2.0
Zammad Zammad
Zammad Zammad 1.1.0
6.1
CVSSv3
CVE-2017-5620
An XSS issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application.
Zammad Zammad
Zammad Zammad 1.1.0
Zammad Zammad 1.1.1
Zammad Zammad 1.1.2
Zammad Zammad 1.2.0
6.1
CVSSv3
CVE-2019-1010018
Zammad GmbH Zammad 2.3.0 and previous versions are affected by: Cross Site Scripting (XSS) - CWE-80. The impact is: Execute JavaScript code in the user's browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1...
Zammad Zammad
Zammad Zammad 2.3.0
5.3
CVSSv3
CVE-2023-50453
An issue exists in Zammad prior to 6.2.0. It uses the public endpoint /api/v1/signshow for its login screen. This endpoint returns internal configuration data of user object attributes, such as selectable values, which should not be visible to the public.
Zammad Zammad 6.1.0
Zammad Zammad 6.2.0
5.9
CVSSv3
CVE-2023-50454
An issue exists in Zammad prior to 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers.
Zammad Zammad 6.1.0
Zammad Zammad 6.2.0
7.5
CVSSv3
CVE-2023-50455
An issue exists in Zammad prior to 6.2.0. Due to lack of rate limiting in the "email address verification" feature, an attacker could send many requests for a known address to cause Denial Of Service (generation of many emails, which would also spam the victim).
Zammad Zammad 6.1.0
Zammad Zammad 6.2.0
5.3
CVSSv3
CVE-2023-50456
An issue exists in Zammad prior to 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name.
Zammad Zammad 6.1.0
Zammad Zammad 6.2.0