Vulnerabilities > Zammad

DATE CVE VULNERABILITY TITLE RISK
2021-06-28 CVE-2021-35303 Cross-site Scripting vulnerability in Zammad
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute.
network
low complexity
zammad CWE-79
6.1
2020-12-28 CVE-2020-29160 Missing Authorization vulnerability in Zammad
An issue was discovered in Zammad before 3.5.1.
network
low complexity
zammad CWE-862
7.5
2020-12-28 CVE-2020-29159 Unspecified vulnerability in Zammad
An issue was discovered in Zammad before 3.5.1.
network
low complexity
zammad
4.9
2020-12-28 CVE-2020-29158 Missing Authorization vulnerability in Zammad
An issue was discovered in Zammad before 3.5.1.
network
low complexity
zammad CWE-862
4.3
2020-12-28 CVE-2020-26035 Cross-site Scripting vulnerability in Zammad
An issue was discovered in Zammad before 3.4.1.
network
low complexity
zammad CWE-79
5.4
2020-12-28 CVE-2020-26034 Unspecified vulnerability in Zammad
An account-enumeration issue was discovered in Zammad before 3.4.1.
network
low complexity
zammad
4.3
2020-12-28 CVE-2020-26033 Cross-Site Request Forgery (CSRF) vulnerability in Zammad
An issue was discovered in Zammad before 3.4.1.
network
low complexity
zammad CWE-352
5.4
2020-12-28 CVE-2020-26032 Server-Side Request Forgery (SSRF) vulnerability in Zammad
An SSRF issue was discovered in Zammad before 3.4.1.
network
low complexity
zammad CWE-918
7.5
2020-12-28 CVE-2020-26031 Incorrect Default Permissions vulnerability in Zammad
An issue was discovered in Zammad before 3.4.1.
network
low complexity
zammad CWE-276
4.3
2020-12-28 CVE-2020-26030 Improper Authentication vulnerability in Zammad
An issue was discovered in Zammad before 3.4.1.
network
low complexity
zammad CWE-287
critical
9.8