Vulnerabilities > Zammad > Zammad > 1.6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-28 | CVE-2021-35303 | Cross-site Scripting vulnerability in Zammad Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute. | 4.3 |
| 2020-12-28 | CVE-2020-29160 | Incorrect Authorization vulnerability in Zammad An issue was discovered in Zammad before 3.5.1. | 5.0 |
| 2020-12-28 | CVE-2020-29158 | Incorrect Authorization vulnerability in Zammad An issue was discovered in Zammad before 3.5.1. | 4.0 |
| 2020-06-16 | CVE-2020-14214 | Missing Authorization vulnerability in Zammad Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. | 5.8 |
| 2020-03-05 | CVE-2020-10105 | Information Exposure vulnerability in Zammad An issue was discovered in Zammad 3.0 through 3.2. | 5.0 |
| 2020-03-05 | CVE-2020-10101 | Improper Input Validation vulnerability in Zammad An issue was discovered in Zammad 3.0 through 3.2. | 5.0 |
| 2020-03-05 | CVE-2020-10100 | Information Exposure vulnerability in Zammad An issue was discovered in Zammad 3.0 through 3.2. | 4.0 |