An XSS issue exists in Zammad 3.0 up to and including 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the browser of any user who opens the Ticket with the Article created from that Email.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
zammad zammad |