Cross site scripting

2021-06-2820:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

45.5%

JSON

Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a ‘note’ field to store additional information.

CPENameOperatorVersion
zammadge1.0.0
zammadle4.0.0

CPE	Name	Operator	Version
	zammad	ge	1.0.0
	zammad	le	4.0.0

References

zammad.com/en/advisories/zaa-2021-03

0.001 Low

EPSS

Percentile

45.5%

JSON

Related for PRION:CVE-2021-35298