Vulnerabilities for 'Zammad'

2021-10-11
CVE-2021-42137
CWE-269
An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc.

2021-10-07
CVE-2021-42092
CWE-79
An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.

CVE-2021-42093
NVD-CWE-noinfo
An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers.

CVE-2021-42094
CWE-77
An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages.

CVE-2021-42084
CWE-835
An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.

CVE-2021-42085
CWE-79
An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar.

CVE-2021-42086
CWE-269
An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request.

CVE-2021-42087
CWE-668
An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API.

CVE-2021-42088
CWE-79
An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled.

CVE-2021-42089
CWE-200
An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information.

Copyright 2021, cxsecurity.com