12 matches found
Zammad Security Vulnerability
Zammad is a ticketing management software developed by the German company Zammad. Versions of Zammad prior to 7.0.1 contained security vulnerabilities; these vulnerabilities were due to server-side template injection, which could potentially allow remote code execution through AI agents...
CVE-2020-10103
An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the File Upload functionality in Zammad. The malicious JavaScript will execute within the browser of any user who opens a specially crafted link to the uploaded file with an acti...
CVE-2022-40817
Zammad 5.2.1 has a fine-grained permission model that allows read-only access to tickets to be configured. However, agents were still wrongly able to perform some operations on such tickets, like adding and removing links, tags, and related answers. This issue has been fixed in 5.2.2...
CVE-2025-32360
In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain confidential information...
PT-2025-15070 · Zammad · Zammad
Name of the Vulnerable Software and Affected Versions: Zammad versions 6.4.0 through 6.4.1 Description: The issue allows an authenticated agent with knowledge base permissions to use the Zammad API to fetch knowledge base content that they have no permission for. Recommendations: For versions 6.4...
CVE-2024-55578
Zammad before 6.4.1 places sensitive data such as auth_microsoft_office365_credentials and application_secret in log files...
Zammad Access Control Error Vulnerability (CNVD-2023-9782629)
Zammad is a suite of ticket management software from the German company Zammad. An access control error vulnerability exists in Zammad, which stems from a lack of rate limiting in the email address verification function, and can be exploited by an attacker to potentially send many requests to a...
Zammad Security Vulnerability
Zammad is a suite of ticket management software from the German company Zammad. A security vulnerability exists in Zammad version v5.4.0, which stems from a vulnerability that allows an attacker to bypass email authentication and manipulate generated user's data using an arbitrary address, as wel...
CVE-2023-29867
Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API...
PT-2022-22863 · Zammad · Zammad
Name of the Vulnerable Software and Affected Versions: Zammad version 5.2.0 Description: The issue is related to Incorrect Access Control in Zammad, where the software did not correctly perform authorization on certain attachment endpoints. This could be exploited by an unauthenticated attacker t...
CVE-2022-29701
A lack of rate limiting in the 'forgot password' feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages...
CVE-2021-35300
Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote attackers to manipulate users into visiting the attackers' page...