Valtteril

Name of the Vulnerable Software and Affected Versions: Zammad versions prior to 2.3.1 Zammad versions prior to 2.2.2 Zammad versions prior to 2.1.3 Description: The issue allows an attacker to execute JavaScript code on a user's browser, leveraging a Cross Site Scripting (XSS) weakness. This can occur when the victim opens a ticket, indicating the attack vector involves user interaction with the web application. Recommendations: For versions prior to 2.3.1, update to version 2.3.1 or later. For versions prior to 2.2.2, update to version 2.2.2 or later. For versions prior to 2.1.3, update to version 2.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Zammad versions prior to 2.3.1 Zammad versions prior to 2.2.2 Zammad versions prior to 2.1.3 **Description** The issue is related to the improper neutralization of script-related HTML tags in a web page, which can lead to the embedding and execution of JavaScript code on a user's browser. This can occur when a victim opens a ticket. **Recommendations** For versions prior to 2.3.1, update to version 2.3.1 or later. For versions prior to 2.2.2, update to version 2.2.2 or later. For versions prior to 2.1.3, update to version 2.1.3 or later.