CVE-2017-5621
CVE-2017-5621 affects Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. The issue is a cross-site scripting (XSS) vulnerability triggered by malicious HTML in chat messages or ticket article content when using REST or WebSocket APIs. The vulnerability allows an attacker to inject s...