Vulnerabilities > Zammad
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-28 | CVE-2021-35298 | Cross-Site Scripting vulnerability in Zammad Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information. | 4.3 |
| 2021-06-28 | CVE-2021-35299 | Exposure of Resource TO Wrong Sphere vulnerability in Zammad Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows attackers to obtain sensitive information via email connection configuration probing. | 5.0 |
| 2021-06-28 | CVE-2021-35300 | Improper Restriction of Rendered UI Layers OR Frames vulnerability in Zammad Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote attackers to manipulate users into visiting the attackers' page. | 4.3 |
| 2021-06-28 | CVE-2021-35301 | Exposure of Resource TO Wrong Sphere vulnerability in Zammad Incorrect Access Control in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information via the Ticket Article detail view. | 5.0 |
| 2021-06-28 | CVE-2021-35302 | Exposure of Resource TO Wrong Sphere vulnerability in Zammad Incorrect Access Control for linked Tickets in Zammad 1.0.x up to 4.0.0 allows remote attackers to obtain sensitive information. | 5.0 |
| 2021-06-28 | CVE-2021-35303 | Cross-Site Scripting vulnerability in Zammad Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute. | 4.3 |
| 2020-12-28 | CVE-2020-29160 | Incorrect Authorization vulnerability in Zammad An issue was discovered in Zammad before 3.5.1. | 5.0 |
| 2020-12-28 | CVE-2020-29159 | Unspecified vulnerability in Zammad An issue was discovered in Zammad before 3.5.1. | 4.0 |
| 2020-12-28 | CVE-2020-29158 | Incorrect Authorization vulnerability in Zammad An issue was discovered in Zammad before 3.5.1. | 4.0 |
| 2020-12-28 | CVE-2020-26035 | Cross-Site Scripting vulnerability in Zammad An issue was discovered in Zammad before 3.4.1. | 3.5 |