|
213901
|
5.3 |
MEDIUM
Network
|
zammad
|
zammad
|
An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an at…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-10105
|
2024-11-21 13:54 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213902
|
4.3 |
MEDIUM
Network
|
zammad
|
zammad
|
An issue was discovered in Zammad 3.0 through 3.2. After authentication, it transmits sensitive information to the user that may be compromised and used by an attacker to gain unauthorized access. Ha…
|
CWE-200
Information Exposure
|
CVE-2020-10104
|
2024-11-21 13:54 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213903
|
5.4 |
MEDIUM
Network
|
zammad
|
zammad
|
An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the File Upload functionality in Zammad. The malicious JavaScript will execute w…
|
CWE-79
Cross-site Scripting
|
CVE-2020-10103
|
2024-11-21 13:54 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213904
|
7.5 |
HIGH
Network
|
zammad
|
zammad
|
An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors…
|
CWE-20
CWE-755
Improper Input Validation
Improper Handling of Exceptional Conditions
|
CVE-2020-10101
|
2024-11-21 13:54 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213905
|
5.4 |
MEDIUM
Network
|
zammad
|
zammad
|
An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Ticket functionality in Zammad. The malicious JavaScript will execute within…
|
CWE-79
Cross-site Scripting
|
CVE-2020-10099
|
2024-11-21 13:54 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213906
|
5.4 |
MEDIUM
Network
|
zammad
|
zammad
|
An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the browse…
|
CWE-79
Cross-site Scripting
|
CVE-2020-10098
|
2024-11-21 13:54 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213907
|
5.3 |
MEDIUM
Network
|
zammad
|
zammad
|
An issue was discovered in Zammad 3.0 through 3.2. It may respond with verbose error messages that disclose internal application or infrastructure information. This information could aid attackers in…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2020-10097
|
2024-11-21 13:54 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213908
|
7.5 |
HIGH
Network
|
zammad
|
zammad
|
An issue was discovered in Zammad 3.0 through 3.2. It does not prevent caching of confidential data within browser memory. An attacker who either remotely compromises or obtains physical access to a …
|
CWE-200
Information Exposure
|
CVE-2020-10096
|
2024-11-21 13:54 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213909
|
8.8 |
HIGH
Network
|
metalgenix
|
genixcms
|
GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protection…
|
CWE-352
Origin Validation Error
|
CVE-2020-10057
|
2024-11-21 13:54 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213910
|
5.3 |
MEDIUM
Network
|
zammad
|
zammad
|
An issue was discovered in Zammad 3.0 through 3.2. The Forgot Password functionality is implemented in a way that would enable an anonymous user to guess valid user emails. In the current implementat…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2020-10102
|
2024-11-21 13:54 |
2020-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
