CVE-2026-34241

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability in the ticket reply notification system. Unsanitized reply content $newmessage is stored directly in database notification payloads and later rendered...

CVE-2026-34241 CtrlPanel: Stored XSS in Ticket Reply Notifications Allows Session Hijacking

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability in the ticket reply notification system. Unsanitized reply content $newmessage is stored directly in database notification payloads and later rendered...

EUVD-2026-30987

CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting XSS vulnerability in the ticket reply notification system. Unsanitized reply content $newmessage is stored directly in database notification payloads and later rendered...

EUVD-2021-31687

Malicious code in bioql PyPI...

CVE-2021-44886

In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to...

Design/Logic Flaw

In Zammad 5.0.2, agents can configure "out of office" periods and substitute persons. If the substitute persons didn't have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to...

PT-2022-12252 · Zammad · Zammad

Name of the Vulnerable Software and Affected Versions: Zammad version 5.0.2 Description: The issue allows agents to configure "out of office" periods and substitute persons. If the substitute persons do not have the same permissions as the original agent, they could receive ticket notifications f...