PT-2019-11438 · Zammad · Zammad
Valtteril
·
Publicado
2019-07-16
·
Atualizado
2019-10-09
·
CVE-2019-1010018
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Zammad versions prior to 2.3.1
Zammad versions prior to 2.2.2
Zammad versions prior to 2.1.3
Description:
The issue allows an attacker to execute JavaScript code on a user's browser, leveraging a Cross Site Scripting (XSS) weakness. This can occur when the victim opens a ticket, indicating the attack vector involves user interaction with the web application.
Recommendations:
For versions prior to 2.3.1, update to version 2.3.1 or later.
For versions prior to 2.2.2, update to version 2.2.2 or later.
For versions prior to 2.1.3, update to version 2.1.3 or later.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Zammad