7 matches found
CVE-2019-1010018
Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting XSS - CWE-80. The impact is: Execute java script code on users browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1.3...
Cross site scripting
Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting XSS - CWE-80. The impact is: Execute java script code on users browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1.3...
CVE-2019-1010018
Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting XSS - CWE-80. The impact is: Execute java script code on users browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1.3...
CVE-2019-1010018
CVE-2019-1010018 affects Zammad (2.3.0 and earlier) web application. A Cross Site Scripting (XSS, CWE-80) vulnerability allows an attacker to execute client-side JavaScript in a user’s browser when the victim opens a ticket. The issue is rooted in insufficient input validation/escaping within the...
CVE-2018-1000154
Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper Neutralization of Script-Related HTML Tags in a Web Page CWE-80 vulnerability in the subject of emails which are not html quoted in certain cases. This can result in the embedding and execution of java script code on users browser...
CVE-2018-1000154
Zammad (version 2.3.0 and earlier) contains an Improper Neutralization of Script-Related HTML Tags in email subjects (CWE-80) that can lead to embedding/execution of JavaScript in a user’s browser, exploitable when a ticket is opened. Affected: Zammad
CVE-2018-1000154
Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper Neutralization of Script-Related HTML Tags in a Web Page CWE-80 vulnerability in the subject of emails which are not html quoted in certain cases. This can result in the embedding and execution of java script code on users browser...