First published: Thu Oct 07 2021(Updated: )
An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zammad Zammad | <4.1.1 | |
<4.1.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue in Zammad is CVE-2021-42092.
The severity of CVE-2021-42092 is medium with a CVSS score of 5.4.
The affected software for CVE-2021-42092 is Zammad versions up to exclusive 4.1.1.
CVE-2021-42092 occurs via a stored XSS vulnerability during the addition of an attachment to a Ticket in Zammad.
To fix CVE-2021-42092 in Zammad, you should update to version 4.1.1 or higher.