Zammad · Zammad · CVE-2020-10103
**Name of the Vulnerable Software and Affected Versions**
Zammad versions 3.0 through 3.2
**Description**
A cross-site scripting (XSS) issue was discovered that allows a low-privileged user to supply malicious code through the File Upload functionality. The malicious JavaScript executes in the browser of any user with an active Zammad session who opens a specially crafted link to the uploaded file.
**Recommendations**
To prevent exploitation of this issue on Zammad versions 3.0 through 3.2, consider disabling the File Upload functionality until a patch is available. Restrict access to uploaded files to minimize the risk of malicious JavaScript execution.
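
As a general hardening pattern for this class of issue, the following added example (not Zammad's code and not its patch) builds download response headers so that an uploaded file is never rendered as active content in the application's origin. The function names and the allow-list of inline-safe types are assumptions made for illustration.

```ruby
# Added example: headers for serving a user-uploaded file.
# All names are hypothetical; this is not taken from the Zammad code base.

# Constructed allow-list (an assumption): types a browser displays without
# running script. Everything else, including HTML and SVG, is downloaded.
INLINE_SAFE_TYPES = %w[image/png image/jpeg image/gif text/plain].freeze

# Reduce a client-supplied name to a safe basename for the header value.
def sanitize_filename(name)
  base = name.to_s.split(%r{[/\\]}).last.to_s      # drop any path components
  base = base.gsub(/[^A-Za-z0-9._-]/, '_')         # no quotes, CR/LF, spaces
  base.empty? || base.match?(/\A\.+\z/) ? 'download' : base
end

# Build response headers from the stored filename and declared MIME type.
def upload_response_headers(filename, declared_type)
  # Ignore parameters such as "; charset=..." and normalise case.
  type   = declared_type.to_s.split(';').first.to_s.strip.downcase
  inline = INLINE_SAFE_TYPES.include?(type)
  disposition = inline ? 'inline' : 'attachment'
  {
    # Unknown or active types are served as opaque bytes.
    'Content-Type'            => inline ? type : 'application/octet-stream',
    'Content-Disposition'     => %(#{disposition}; filename="#{sanitize_filename(filename)}"),
    # Stop the browser from sniffing the body into an executable type.
    'X-Content-Type-Options'  => 'nosniff',
    # Even if rendered, the document gets no scripts and an opaque origin.
    'Content-Security-Policy' => "default-src 'none'; sandbox"
  }
end
```

Serving uploads from a separate origin that carries no session cookies complements these headers.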