CVE-2021-42085
https://notcve.org/view.php?id=CVE-2021-42085
An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar. • https://zammad.com/en/advisories/zaa-2021-17 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-42086
https://notcve.org/view.php?id=CVE-2021-42086
An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request. • https://zammad.com/en/advisories/zaa-2021-09
CVE-2021-42087
https://notcve.org/view.php?id=CVE-2021-42087
An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API. • https://zammad.com/en/advisories/zaa-2021-15
CVE-2021-42088
https://notcve.org/view.php?id=CVE-2021-42088
An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled. • https://zammad.com/en/advisories/zaa-2021-12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-42089
https://notcve.org/view.php?id=CVE-2021-42089
An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information. • https://zammad.com/en/advisories/zaa-2021-13 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor