Filtered by vendor Zammad
Total: 71 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-10097 | 1 Zammad | 1 Zammad | 2020-03-05 | 5.3 Medium |
An issue was discovered in Zammad 3.0 through 3.2. It may respond with verbose error messages that disclose internal application or infrastructure information. This information could aid attackers in successfully exploiting other vulnerabilities. | ||||
CVE-2020-10098 | 1 Zammad | 1 Zammad | 2020-03-05 | 5.4 Medium |
An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the browser of any user who opens the Ticket with the Article created from that Email. | ||||
CVE-2020-10099 | 1 Zammad | 1 Zammad | 2020-03-05 | 5.4 Medium |
An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Ticket functionality in Zammad. The malicious JavaScript will execute within the browser of any user who opens the ticket or has the ticket within the Toolbar. | ||||
CVE-2020-10103 | 1 Zammad | 1 Zammad | 2020-03-05 | 5.4 Medium |
An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the File Upload functionality in Zammad. The malicious JavaScript will execute within the browser of any user who opens a specially crafted link to the uploaded file with an active Zammad session. | ||||
CVE-2020-10104 | 1 Zammad | 1 Zammad | 2020-03-05 | 4.3 Medium |
An issue was discovered in Zammad 3.0 through 3.2. After authentication, it transmits sensitive information to the user that may be compromised and used by an attacker to gain unauthorized access. Hashed passwords are returned to the user when visiting a certain URL. | ||||
CVE-2019-1010018 | 1 Zammad | 1 Zammad | 2019-10-09 | N/A |
Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. The impact is: Execute JavaScript code in the user's browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1.3. | ||||
CVE-2017-6080 | 1 Zammad | 1 Zammad | 2019-10-03 | N/A |
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie and receive the result. | ||||
CVE-2017-5619 | 1 Zammad | 1 Zammad | 2019-10-03 | N/A |
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attackers can log in with the hashed password itself (e.g., from the DB) instead of the valid password string. | ||||
CVE-2017-6081 | 1 Zammad | 1 Zammad | 2019-03-14 | N/A |
A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie. | ||||
CVE-2017-5621 | 1 Zammad | 1 Zammad | 2017-03-18 | N/A |
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using either the REST API or the WebSocket API. | ||||
CVE-2017-5620 | 1 Zammad | 1 Zammad | 2017-03-18 | N/A |
An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application. |