18 matches found
EUVD-2022-24354
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-32492
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...
CVE-2024-32492
An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...
CVE-2024-32492
An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...
CVE-2024-32492
An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...
UBUNTU-CVE-2024-32492
An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...
PT-2024-24614 · Znuny · Znuny
Name of the Vulnerable Software and Affected Versions: Znuny versions 7.0.1 through 7.0.16 Description: An issue was discovered where the ticket detail view in the customer front allows the execution of external JavaScript. Recommendations: For versions 7.0.1 through 7.0.16, consider disabling th...
CVE-2024-32492
Znuny 7.0.1–7.0.16 contains a vulnerability in the ticket detail view for the customer front that allows execution of external JavaScript. The issue is supported by multiple sources (NVD/NASL entries and Red Hat/Ubuntu Debian advisories) without a documented vendor patch in the provided materials...
CVE-2024-32492
An issue was discovered in Znuny 7.0.1 through 7.0.16 where the ticket detail view in the customer front allows the execution of external JavaScript...
SUSE CVE-2022-1004
Accounted time is shown in the Ticket Detail View External Interface, even if ExternalFrontend::TicketDetailViewAccountedTimeDisplay is disabled...
CVE-2022-1004
Accounted time is shown in the Ticket Detail View External Interface, even if ExternalFrontend::TicketDetailViewAccountedTimeDisplay is disabled...
CVE-2022-1004
Accounted time is shown in the Ticket Detail View External Interface, even if ExternalFrontend::TicketDetailViewAccountedTimeDisplay is disabled...
Code injection
Accounted time is shown in the Ticket Detail View External Interface, even if ExternalFrontend::TicketDetailViewAccountedTimeDisplay is disabled...
CVE-2022-1004
CVE-2022-1004 affects OTRS and concerns an information disclosure where the Billing Time ExternalFrontend::TicketDetailView###AccountedTimeDisplay setting is shown in the Ticket Work Order details view even if the display is disabled. Multiple sources corroborate this, including NVD and CVE recor...
CVE-2022-1004
Accounted time is shown in the Ticket Detail View External Interface, even if ExternalFrontend::TicketDetailViewAccountedTimeDisplay is disabled...
Spoofing
An issue was discovered in Zammad before 3.5.1. An Agent with Customer permissions in a Group can bypass intended access control on internal Articles via the Ticket detail view...
CVE-2020-29158
An issue was discovered in Zammad before 3.5.1. An Agent with Customer permissions in a Group can bypass intended access control on internal Articles via the Ticket detail view...
Zammad Security Vulnerability
Zammad is a Web-based open source helpdesk/customer support system. An access control bypass vulnerability exists in Zammad versions prior to 3.5.1. An Agent with Customer privileges in a group can exploit this vulnerability to bypass access control to internal Articles via the Ticket detail view...