Vulnerability Description
Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. The impact is: Execute java script code on users browser. The component is: web app. The attack vector is: the victim must open a ticket. The fixed version is: 2.3.1, 2.2.2 and 2.1.3.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zammad | Zammad | >= 2.1.0, <= 2.1.2 |
Related Weaknesses (CWE)
References
- https://github.com/zammad/zammad/compare/5c983f6...1a9af7dPatchThird Party Advisory
- https://github.com/zammad/zammad/compare/ea50d0c...238784dPatchThird Party Advisory
- https://github.com/zammad/zammad/issues/1869Third Party Advisory
- https://github.com/zammad/zammad/compare/5c983f6...1a9af7dPatchThird Party Advisory
- https://github.com/zammad/zammad/compare/ea50d0c...238784dPatchThird Party Advisory
- https://github.com/zammad/zammad/issues/1869Third Party Advisory
FAQ
What is CVE-2019-1010018?
CVE-2019-1010018 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. The impact is: Execute java script code on users browser. The component is: web app. The attack vector is: the...
How severe is CVE-2019-1010018?
CVE-2019-1010018 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-1010018?
Check the references section above for vendor advisories and patch information. Affected products include: Zammad Zammad.