Vulnerabilities > Zammad
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-28 | CVE-2021-35303 | Cross-site Scripting vulnerability in Zammad Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute. | 6.1 |
2020-12-28 | CVE-2020-29160 | Missing Authorization vulnerability in Zammad An issue was discovered in Zammad before 3.5.1. | 7.5 |
2020-12-28 | CVE-2020-29159 | Unspecified vulnerability in Zammad An issue was discovered in Zammad before 3.5.1. | 4.9 |
2020-12-28 | CVE-2020-29158 | Missing Authorization vulnerability in Zammad An issue was discovered in Zammad before 3.5.1. | 4.3 |
2020-12-28 | CVE-2020-26035 | Cross-site Scripting vulnerability in Zammad An issue was discovered in Zammad before 3.4.1. | 5.4 |
2020-12-28 | CVE-2020-26034 | Unspecified vulnerability in Zammad An account-enumeration issue was discovered in Zammad before 3.4.1. | 4.3 |
2020-12-28 | CVE-2020-26033 | Cross-Site Request Forgery (CSRF) vulnerability in Zammad An issue was discovered in Zammad before 3.4.1. | 5.4 |
2020-12-28 | CVE-2020-26032 | Server-Side Request Forgery (SSRF) vulnerability in Zammad An SSRF issue was discovered in Zammad before 3.4.1. | 7.5 |
2020-12-28 | CVE-2020-26031 | Incorrect Default Permissions vulnerability in Zammad An issue was discovered in Zammad before 3.4.1. | 4.3 |
2020-12-28 | CVE-2020-26030 | Improper Authentication vulnerability in Zammad An issue was discovered in Zammad before 3.4.1. | 9.8 |