Vulnerabilities > Zammad
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-05 | CVE-2020-10097 | Information Exposure Through an Error Message vulnerability in Zammad An issue was discovered in Zammad 3.0 through 3.2. | 5.0 |
| 2020-03-05 | CVE-2020-10096 | Information Exposure vulnerability in Zammad An issue was discovered in Zammad 3.0 through 3.2. | 5.0 |
| 2019-07-16 | CVE-2019-1010018 | Cross-site Scripting vulnerability in Zammad Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. | 4.3 |
| 2018-04-05 | CVE-2018-1000154 | Cross-site Scripting vulnerability in Zammad Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability in the subject of emails which are not html quoted in certain cases. | 4.3 |
| 2017-03-13 | CVE-2017-6081 | Cross-Site Request Forgery (CSRF) vulnerability in Zammad A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. | 6.8 |
| 2017-03-13 | CVE-2017-6080 | Cross-Site Request Forgery (CSRF) vulnerability in Zammad An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. | 7.5 |
| 2017-03-13 | CVE-2017-5621 | Cross-site Scripting vulnerability in Zammad An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. | 4.3 |
| 2017-03-13 | CVE-2017-5620 | Cross-site Scripting vulnerability in Zammad An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. | 4.3 |
| 2017-03-13 | CVE-2017-5619 | Improper Authentication vulnerability in Zammad An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. | 7.5 |