An issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using either the REST API or the WebSocket API.

Vulnerable Product |
---|
zammad zammad 1.1.0 |
zammad zammad 1.1.1 |
zammad zammad 1.1.2 |
zammad zammad 1.2.0 |
zammad zammad |