Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-10103

Опубликовано: 05 мар. 2020
Источник: nvd
CVSS3: 5.4
CVSS2: 3.5
EPSS Низкий

Описание

An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the File Upload functionality in Zammad. The malicious JavaScript will execute within the browser of any user who opens a specially crafted link to the uploaded file with an active Zammad session.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:zammad:zammad:*:*:*:*:*:*:*:*
Версия от 1.0.0 (включая) до 3.2.0 (включая)

EPSS

Процентиль: 60%
0.00402
Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

debian логотип

CVE-2020-10103

CVSS3: 5.4
debian
почти 6 лет назад

An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code ...

github логотип

GHSA-59q5-crp9-8r37

github
больше 3 лет назад

An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the File Upload functionality in Zammad. The malicious JavaScript will execute within the browser of any user who opens a specially crafted link to the uploaded file with an active Zammad session.

EPSS

Процентиль: 60%
0.00402
Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79