Medium severity6.1NVD Advisory· Published Mar 13, 2017· Updated Jun 17, 2026
CVE-2017-5620
CVE-2017-5620
Description
An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*range: <=1.0.3
- cpe:2.3:a:zammad:zammad:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:zammad:zammad:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:zammad:zammad:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:zammad:zammad:1.2.0:*:*:*:*:*:*:*
- (no CPE)range: <1.0.4, <1.1.3, <1.2.1
Patches
Vulnerability mechanics
References
2- zammad.com/de/news/security-advisory-zaa-2017-01nvdVendor Advisory
- www.securityfocus.com/bid/96937nvd
News mentions
0No linked articles in our index yet.