First published: Mon Jun 28 2021(Updated: )
Text injection/Content Spoofing in 404 page in Zammad 1.0.x up to 4.0.0 could allow remote attackers to manipulate users into visiting the attackers' page.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zammad Zammad | >=1.0.0<=4.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2021-35300.
CVE-2021-35300 has a severity rating of medium.
CVE-2021-35300 affects Zammad versions 1.0.x up to 4.0.0.
CVE-2021-35300 allows remote attackers to manipulate users into visiting the attackers' page.
Yes, a fix for CVE-2021-35300 is available. Please refer to the advisory for more information.