
Pdc

Researcher from VNPT ISC
#20621 of 53,608
12.2 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2021-20874
6.1
2021-06-28
Zammad · Zammad · CVE-2021-35298
Name of the Vulnerable Software and Affected Versions: Zammad versions 1.0.x through 4.0.0

Description: The issue allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a `note` field to store additional information. This is a Cross Site Scripting (XSS) issue.

Recommendations: For Zammad versions 1.0.x through 4.0.0, consider disabling the `note` field in multiple models as a temporary workaround until a patch is available. Restrict access to models containing the `note` field to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

PT-2021-20880
6.1
2021-06-28
Zammad · Zammad · CVE-2021-35303
Name of the Vulnerable Software and Affected Versions: Zammad versions 1.0.x through 4.0.0

Description: The issue allows remote attackers to execute arbitrary web script or HTML via the `User Avatar` attribute, enabling Cross Site Scripting (XSS) attacks. This can lead to the execution of malicious scripts on the victim's browser.

Recommendations: For versions 1.0.x through 4.0.0, update to a version later than 4.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the `User Avatar` attribute to minimize the risk of exploitation.