CVE List

CVE-2020-10098

Moderate 5.4

An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the browser of any user who opens the Ticket with the Article created from that Email.

Published March 5, 2020.

Affected software

Get alerts for Zammad Zammad

Reference links