A CSRF issue exists in Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie.
Vulnerable Product |
---|
zammad zammad 1.1.0 |
zammad zammad 1.1.2 |
zammad zammad |
zammad zammad 1.1.1 |
zammad zammad 1.2.0 |