Zammad Multiple Security Vulnerabilities

Zammad is prone to the following security vulnerabilities.

1. Multiple security-bypass vulnerabilities
2. Multiple cross-site scripting vulnerabilities
3. A cross-site-request forgery vulnerability

An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, perform unauthorized actions in the context of the affected application.

Zammad prior to 1.0.4, 1.1.x prior to 1.1.3, and 1.2.x prior to 1.2.1


Privacy Statement
Copyright 2010, SecurityFocus