An XSS issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zammad zammad |
||
zammad zammad 1.1.0 |
||
zammad zammad 1.1.1 |
||
zammad zammad 1.1.2 |
||
zammad zammad 1.2.0 |