Zammad 1.1.1 Security Vulnerabilities
An issue was discovered in Zammad before 5.0.1. In some cases, there is improper enforcement of the privilege requirement for viewing a list of tickets that shows title, state, etc.
CVSS Score: 5.3; EPSS Score: 0.002; Published: 2021-10-11
An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.
CVSS Score: 6.5; EPSS Score: 0.004; Published: 2021-10-07
An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar.
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2021-10-07
An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request.
CVSS Score: 8.8; EPSS Score: 0.005; Published: 2021-10-07
An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API.
CVSS Score: 4.9; EPSS Score: 0.003; Published: 2021-10-07
An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled.
CVSS Score: 6.1; EPSS Score: 0.003; Published: 2021-10-07
An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information.
CVSS Score: 7.5; EPSS Score: 0.003; Published: 2021-10-07
An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.
CVSS Score: 9.8; EPSS Score: 0.049; Published: 2021-10-07
An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.
CVSS Score: 9.1; EPSS Score: 0.003; Published: 2021-10-07
An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.
CVSS Score: 5.4; EPSS Score: 0.003; Published: 2021-10-07



Shodan ® - All rights reserved