VYPR

Zammad

by Zammad

CVEs (90)

  • CVE-2017-6080 · Critical · Mar 13, 2017
    risk 0.64, cvss 9.8, epss 0.01

    An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, caused by lack of a protection mechanism involving HTTP Access-Control headers. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users…

  • CVE-2017-5619 · Critical · Mar 13, 2017
    risk 0.64, cvss 9.8, epss 0.02

    An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attackers can login with the hashed password itself (e.g., from the DB) instead of the valid password string.

  • CVE-2017-6081 · High · Mar 13, 2017
    risk 0.57, cvss 8.8, epss 0.01

    A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. To exploit the vulnerability, an attacker can send cross-domain requests directly to the REST API for users with a valid session cookie.

  • CVE-2026-34724 · High · Apr 8, 2026
    risk 0.47, cvss 7.2, epss 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, a server-side template injection vulnerability which leads to RCE via AI Agent exists. Impact is limited to environments where an attacker can control or influence type_enrichment_data…

  • CVE-2026-34723 · High · Apr 8, 2026
    risk 0.42, cvss 7.5, epss 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, unauthenticated remote attackers were able to access the getting started endpoint to get access to sensitive internal entity data, even after the system setup was completed. This…

  • CVE-2018-1000154 · Medium · Apr 5, 2018
    risk 0.40, cvss 6.1, epss 0.02

    Zammad GmbH Zammad version 2.3.0 and earlier contains an Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability in the subject of emails, which are not HTML quoted in certain cases. This can result in the embedding and execution of JavaScript…

  • CVE-2017-5621 · Medium · Mar 13, 2017
    risk 0.40, cvss 6.1, epss 0.01

    An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. XSS can be triggered via malicious HTML in a chat message or the content of a ticket article, when using either the REST API or the WebSocket API.

  • CVE-2017-5620 · Medium · Mar 13, 2017
    risk 0.40, cvss 6.1, epss 0.01

    An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application.

  • CVE-2026-34248 · Medium · Apr 8, 2026
    risk 0.37, cvss 5.7, epss 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, customers in shared organizations (means they can see each other's tickets) could see fields which are not intended for customers - including fields not intended for them at all (e.g. priority,…

  • CVE-2026-34721 · Medium · Apr 8, 2026
    risk 0.35, cvss 6.5, epss 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the OAuth callback endpoints for Microsoft, Google, and Facebook external credentials do not validate a CSRF state parameter. This vulnerability is fixed in 7.0.1 and 6.5.4.

  • CVE-2026-34718 · Medium · Apr 8, 2026
    risk 0.33, cvss 6.1, epss 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the HTML sanitizer for ticket articles was missing proper sanitization of data: ... URI schemes, resulting in storing such malicious content in the database of the Zammad instance. The…

  • CVE-2026-34837 · Medium · Apr 8, 2026
    risk 0.21, cvss 4.3, epss 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, the REST endpoint POST /api/v1/ai_assistance/text_tools/:id contains an authorization failure. Context data (e.g., a group or organization) supplied to be used in the AI prompt were not checked if…

  • CVE-2026-34782 · Medium · Apr 8, 2026
    risk 0.21, cvss 4.3, epss 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the REST endpoint POST /api/v1/ai_assistance/text_tools/:id was not checking if a user is privileged to use the text tool, resulting in being able to use it in all situations. This…

  • CVE-2026-34722 · Medium · Apr 8, 2026
    risk 0.21, cvss 4.3, epss 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the used endpoint for ticket creation was missing authorization if the related parameter for adding links is used. This vulnerability is fixed in 7.0.1 and 6.5.4.

  • CVE-2026-34720 · Medium · Apr 8, 2026
    risk 0.21, cvss 4.3, epss 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the SSO mechanism in Zammad was not verifying the header originates from a trusted SSO proxy/gateway before applying further actions on it. This vulnerability is fixed in 7.0.1 and…

  • CVE-2026-34719 · Medium · Apr 8, 2026
    risk 0.21, cvss 4.3, epss 0.00

    Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the webhook model was missing a proper validation for loop back addresses, or link-local addresses — only the URL scheme (HTTP/HTTPS) as well as the hostname was checked. This could…

  • CVE-2025-32358 · Apr 5, 2025
    risk 0.00, cvss n/a, epss 0.00

    In Zammad 6.4.x before 6.4.2, SSRF can occur. Authenticated admin users can enable webhooks in Zammad, which are triggered as POST requests when certain conditions are met. If a webhook endpoint returned a redirect response, Zammad would follow it automatically with another GET…

  • CVE-2025-32360 · Apr 5, 2025
    risk 0.00, cvss n/a, epss 0.00

    In Zammad 6.4.x before 6.4.2, there is information exposure. Only agents should be able to see and work on shared article drafts. However, a logged in customer was able to see details about shared drafts for their customer tickets in the browser console, which may contain…

  • CVE-2025-32359 · Apr 5, 2025
    risk 0.00, cvss n/a, epss 0.00

    In Zammad 6.4.x before 6.4.2, there is client-side enforcement of server-side security. When changing their two factor authentication configuration, users need to re-authenticate with their current password first. However, this change was enforced in Zammad only on the front end…

  • CVE-2025-32357 · Apr 5, 2025
    risk 0.00, cvss n/a, epss 0.00

    In Zammad 6.4.x before 6.4.2, an authenticated agent with knowledge base permissions was able to use the Zammad API to fetch knowledge base content that they have no permission for.

Page 1 of 5