An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar.
References
Link | Resource |
---|---|
https://zammad.com/en/advisories/zaa-2021-17 | Vendor Advisory |
Configurations
Information
Published : 2021-10-07 14:15
Updated : 2021-10-13 13:30
NVD link : CVE-2021-42085
Mitre link : CVE-2021-42085
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
zammad
- zammad