2 matches found
CVE-2026-34719 Zammad has a Server-side request forgery (SSRF) via webhooks
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the webhook model was missing a proper validation for loop back addresses, or link-local addresses — only the URL scheme HTTP/HTTPS as well as the hostname was checked. This could end up in retrieving...
Zammad 安全漏洞
Zammad is a ticketing management software developed by the German company Zammad. Versions of Zammad prior to 7.0.1 and 6.5.4 contained security vulnerabilities. These vulnerabilities were due to improper cleaning of data: URI schemes by the HTML cleaner, which could allow the storage of maliciou...