CVE-2019-1010018

2019-07-1613:15:10

Google

osv.dev

6.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.5%

JSON

Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. The impact is: Execute java script code on users browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1.3.

CPENameOperatorVersion
zammadeq2.1.1
zammadeq2.2.0
zammadeq2.1.0
zammadeq2.2.1
zammadeq2.1.2

Name	Operator	Version
zammad	eq	2.1.1
zammad	eq	2.2.0
zammad	eq	2.1.0
zammad	eq	2.2.1
zammad	eq	2.1.2

References

github.com/zammad/zammad/compare/5c983f6...1a9af7d

github.com/zammad/zammad/compare/ea50d0c...238784d

github.com/zammad/zammad/issues/1869