An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the browser of any user who opens the Ticket with the Article created from that Email.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://zammad.com/news/security-advisory-zaa-2020-03 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-03-05T00:38:39
Updated: 2024-08-04T10:50:57.908Z
Reserved: 2020-03-05T00:00:00
Link: CVE-2020-10098
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-03-05T01:15:11.147
Modified: 2020-03-05T19:12:18.207
Link: CVE-2020-10098
Redhat
No data.