CVE-2019-1010018

2019-07-1612:35:14

CWE-80

dwf

www.cve.org

0.001 Low

EPSS

Percentile

32.5%

JSON

Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. The impact is: Execute java script code on users browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1.3.

CNA Affected

[
  {
    "product": "Zammad",
    "vendor": "Zammad GmbH",
    "versions": [
      {
        "status": "affected",
        "version": "≤ 2.3.0 [fixed: 2.3.1"
      },
      {
        "status": "affected",
        "version": "2.2.2 and 2.1.3]"
      }
    ]
  }
]