Vulnerabilities > Zammad > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-16 | CVE-2020-14214 | Missing Authorization vulnerability in Zammad Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. | 5.8 |
| 2020-06-16 | CVE-2020-14213 | Missing Authorization vulnerability in Zammad In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge). | 5.5 |
| 2020-03-05 | CVE-2020-10105 | Information Exposure vulnerability in Zammad An issue was discovered in Zammad 3.0 through 3.2. | 5.0 |
| 2020-03-05 | CVE-2020-10104 | Information Exposure vulnerability in Zammad An issue was discovered in Zammad 3.0 through 3.2. | 4.0 |
| 2020-03-05 | CVE-2020-10101 | Improper Input Validation vulnerability in Zammad An issue was discovered in Zammad 3.0 through 3.2. | 5.0 |
| 2020-03-05 | CVE-2020-10100 | Information Exposure vulnerability in Zammad An issue was discovered in Zammad 3.0 through 3.2. | 4.0 |
| 2020-03-05 | CVE-2020-10097 | Information Exposure Through an Error Message vulnerability in Zammad An issue was discovered in Zammad 3.0 through 3.2. | 5.0 |
| 2020-03-05 | CVE-2020-10096 | Information Exposure vulnerability in Zammad An issue was discovered in Zammad 3.0 through 3.2. | 5.0 |
| 2019-07-16 | CVE-2019-1010018 | Cross-site Scripting vulnerability in Zammad Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. | 4.3 |
| 2018-04-05 | CVE-2018-1000154 | Cross-site Scripting vulnerability in Zammad Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability in the subject of emails which are not html quoted in certain cases. | 4.3 |