CVE-2023-50456

Name of the Vulnerable Software and Affected Versions Zammad versions prior to 6.2.0

Description An issue was discovered that allows an attacker to trigger phishing links in generated notification emails via a crafted first or last name.

Recommendations For versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue. As a temporary workaround, consider validating and sanitizing user input for first and last names to prevent malicious content from being included in notification emails. Restrict access to notification email generation to minimize the risk of exploitation.