Zammad · Zammad · CVE-2020-10098
**Name of the Vulnerable Software and Affected Versions**
Zammad versions 3.0 through 3.2
**Description**
A cross-site scripting (XSS) issue was discovered that allows a low-privileged user to supply malicious code through the Email functionality. The malicious JavaScript executes in the browser of any user who opens the Ticket containing the Article created from that Email.
**Recommendations**
To prevent exploitation of the XSS issue on Zammad versions 3.0 through 3.2, consider disabling the Email functionality until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.