First published: Mon Jun 28 2021
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zammad Zammad | >=1.0.0 <=4.0.0 | |
The vulnerability ID for the Cross Site Scripting (XSS) vulnerability in Zammad is CVE-2021-35303.
The severity of CVE-2021-35303 is medium with a CVSS score of 6.1.
Zammad versions 1.0.x up to 4.0.0 are affected by the Cross Site Scripting (XSS) vulnerability.
Remote attackers can exploit CVE-2021-35303 by executing arbitrary web script or HTML via the User Avatar attribute in Zammad.
A fix is available for CVE-2021-35303. It is recommended to update Zammad to version 4.0.1 or later to mitigate the vulnerability.