CVE-2020-10098
CVE-2020-10098 affects Zammad 3.0–3.2 via an XSS in the Email functionality. A low-privilege user can supply malicious code in an email, which will execute in the browser of any user who opens the Ticket containing the Article created from that Email. Exploitation details and remediation/fix are ...