CVE-2020-10099
CVE-2020-10099 affects Zammad 3.0–3.2 where a stored/reflected XSS can be introduced by a low-privileged user via the Ticket functionality. The malicious JavaScript executes in the browser of any user who opens the affected ticket or has the ticket in the Toolbar. No remediation details are provi...