Vulnerabilities > Zammad

DATE CVE VULNERABILITY TITLE RISK
2021-06-28 CVE-2021-35298 Cross-Site Scripting vulnerability in Zammad
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information.
network
zammad CWE-79
4.3
2021-06-28 CVE-2021-35299 Exposure of Resource TO Wrong Sphere vulnerability in Zammad
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing.
network
low complexity
zammad CWE-668
5.0
2021-06-28 CVE-2021-35300 Improper Restriction of Rendered UI Layers OR Frames vulnerability in Zammad
Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote attackers to manipulate users into visiting the attackers' page.
network
zammad CWE-1021
4.3
2021-06-28 CVE-2021-35301 Exposure of Resource TO Wrong Sphere vulnerability in Zammad
Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information via the Ticket Article detail view.
network
low complexity
zammad CWE-668
5.0
2021-06-28 CVE-2021-35302 Exposure of Resource TO Wrong Sphere vulnerability in Zammad
Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information.
network
low complexity
zammad CWE-668
5.0
2021-06-28 CVE-2021-35303 Cross-Site Scripting vulnerability in Zammad
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute.
network
zammad CWE-79
4.3
2020-12-28 CVE-2020-29160 Incorrect Authorization vulnerability in Zammad
An issue was discovered in Zammad before 3.5.1.
network
low complexity
zammad CWE-863
5.0
2020-12-28 CVE-2020-29159 Unspecified vulnerability in Zammad
An issue was discovered in Zammad before 3.5.1.
network
low complexity
zammad
4.0
2020-12-28 CVE-2020-29158 Incorrect Authorization vulnerability in Zammad
An issue was discovered in Zammad before 3.5.1.
network
low complexity
zammad CWE-863
4.0
2020-12-28 CVE-2020-26035 Cross-Site Scripting vulnerability in Zammad
An issue was discovered in Zammad before 3.4.1.
network
zammad CWE-79
3.5