Medium severity6.1NVD Advisory· Published Mar 13, 2017· Updated Jun 17, 2026
CVE-2017-5621
CVE-2017-5621
Description
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using either the REST API or the WebSocket API.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*range: <=1.0.3
- cpe:2.3:a:zammad:zammad:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:zammad:zammad:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:zammad:zammad:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:zammad:zammad:1.2.0:*:*:*:*:*:*:*
- (no CPE)range: <1.0.4, 1.1.x <1.1.3, 1.2.x <1.2.1
Patches
Vulnerability mechanics
References
2- zammad.com/de/news/security-advisory-zaa-2017-01nvdVendor Advisory
- www.securityfocus.com/bid/96937nvd
News mentions
0No linked articles in our index yet.