First published: Thu Mar 05 2020
An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the File Upload functionality in Zammad. The malicious JavaScript will execute within the browser of any user who opens a specially crafted link to the uploaded file with an active Zammad session.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zammad Zammad | >=1.0.0 <=3.2.0 | |
The vulnerability ID for this XSS issue in Zammad is CVE-2020-10103.
The severity level of vulnerability CVE-2020-10103 is medium.
Vulnerability CVE-2020-10103 affects Zammad versions 3.0 through 3.2.
A low-privileged user can exploit the XSS vulnerability in Zammad by providing malicious code through the File Upload functionality.
A security advisory is available for CVE-2020-10103: https://zammad.com/news/security-advisory-zaa-2020-02