CVE-2019-1010018
16.07.2019, 13:15
Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. The impact is: Execute java script code on users browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1.3.
| Vendor | Product | Version |
|---|---|---|
| zammad | zammad | 2.1.0 ≤ 𝑥 ≤ 2.1.2 |
| zammad | zammad | 2.2.0 ≤ 𝑥 ≤ 2.2.1 |
| zammad | zammad | 2.3.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
References