zammad vulnerabilities and exploits
4.3
CVSSv3
CVE-2023-50457
An issue exists in Zammad prior to 6.2.0. When listing tickets linked to a knowledge base answer, or knowledge base answers of a ticket, a user could see entries for which they lack permissions.
Zammad Zammad 6.1.0
Zammad Zammad 6.2.0
5.4
CVSSv3
CVE-2021-42085
An issue exists in Zammad prior to 4.1.1. There is stored XSS via a custom Avatar.
Zammad Zammad
8.8
CVSSv3
CVE-2021-42086
An issue exists in Zammad prior to 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request.
Zammad Zammad
9.8
CVSSv3
CVE-2021-42090
An issue exists in Zammad prior to 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.
Zammad Zammad
6.1
CVSSv3
CVE-2018-1000154
Zammad GmbH Zammad version 2.3.0 and previous versions contain an Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability in the subject of emails which are not HTML quoted in certain cases. This can result in the embedding and execution of java s...
Zammad Zammad
9.8
CVSSv3
CVE-2020-26030
An issue exists in Zammad prior to 3.4.1. There is an authentication bypass in the SSO endpoint via a crafted header, when SSO is not configured. An attacker can create a valid and authenticated session that can be used to perform any actions in the name of other users.
Zammad Zammad
7.5
CVSSv3
CVE-2020-26032
An SSRF issue exists in Zammad prior to 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can use this to request any URL via a GET request from the network interface of the server. ...
Zammad Zammad
4.3
CVSSv3
CVE-2020-29158
An issue exists in Zammad prior to 3.5.1. An Agent with Customer permissions in a Group can bypass intended access control on internal Articles via the Ticket detail view.
Zammad Zammad
4.3
CVSSv3
CVE-2020-26034
An account-enumeration issue exists in Zammad prior to 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized...
Zammad Zammad
6.5
CVSSv3
CVE-2023-31597
An issue in Zammad v5.4.0 allows malicious users to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets.
Zammad Zammad