Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. The impact is: Execute java script code on users browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1.3.
References
Link | Resource |
---|---|
https://github.com/zammad/zammad/compare/5c983f6...1a9af7d | Patch Third Party Advisory |
https://github.com/zammad/zammad/compare/ea50d0c...238784d | Patch Third Party Advisory |
https://github.com/zammad/zammad/issues/1869 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: dwf
Published: 2019-07-16T12:35:14
Updated: 2019-07-16T12:35:14
Reserved: 2019-03-20T00:00:00
Link: CVE-2019-1010018
JSON object: View
NVD Information
Status : Modified
Published: 2019-07-16T13:15:10.893
Modified: 2019-10-09T23:44:12.930
Link: CVE-2019-1010018
JSON object: View
Redhat Information
No data.