An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.
CVSS Score
9.8
EPSS Score
0.049
Published
2021-10-07
An issue was discovered in Zammad before 4.1.1. SSRF can occur via GitHub or GitLab integration.
CVSS Score
9.1
EPSS Score
0.003
Published
2021-10-07
An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.
CVSS Score
5.4
EPSS Score
0.005
Published
2021-10-07
An issue was discovered in Zammad before 4.1.1. An admin can execute code on the server via a crafted request that manipulates triggers.
CVSS Score
7.2
EPSS Score
0.011
Published
2021-10-07
An issue was discovered in Zammad before 4.1.1. Command Injection can occur via custom Packages.
CVSS Score
9.8
EPSS Score
0.032
Published
2021-10-07
Page 2